
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:59, on 2008-03-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\USB all-in-one game controller\SK_DevUpdate.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O2 - BHO: (no name) - {9036e9d0-d6a4-474e-8f90-3f7feaddf22b} - C:\WINDOWS\system32\c_2idq.dll (file missing)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp261.tmp.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [clcl11] C:\WINDOWS\system32\clcl11.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GXIF Agent] C:\WINDOWS\system32\28463\GXIF.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] D:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1409082233-1844823847-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1409082233-1844823847-725345543-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1409082233-1844823847-725345543-1003\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1409082233-1844823847-725345543-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1409082233-1844823847-725345543-1003 Startup: SK_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\SK_DevUpdate.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SK_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\SK_DevUpdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c24.cab?fd7767a287b2d2f76c0a
95f8bda2e136957473c550bfb81e49252734af6867d26a66ecec618633058da45cb1addd0a416
7fc5f33e0c071476677bb6fc6:190950799eb876e613008c54b810aed3
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: c_2idq - c_2idq.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 10015 bytes

PS. Sorry for splitting the log at one point; it was so long that it was breaking the whole forum.