
Mam nielada problem z moim systemem.
1.Wyskakuje błąd programu - avchost.exe
2.Kilka krotnie juz pojawiło sie ostrzezenie , ze brakuje pamięci wirualnej dla systemu.
3.Bardzo wolna otwierają sie strony.
4.Okna windowsa równiez sie b. wolno otwierają a jeśli chodzi o zamykanie ich to sie tak zwijają powoli a nie znikają.
Przeskanowałem system ewido - coś tam znalazł ale usunął.
Chciałem przeskanować mks'em ale sie poprostu nie dało i nie wiem dlaczego - pojawiła sie jedynie pusta strona internetowa.
Prosiłbym bardzo o pomoc, praca na tym kompie jest poprostu niemożliwa a tak bardo niechciałbym formatować systemu.
Bardzo dziękuję!.
oto logi z hijack i silent
hijack:
- Kod: Zaznacz wszystko
- Logfile of HijackThis v1.99.1
 Scan saved at 17:26:58, on 2006-12-09
 Platform: Windows 2000 (WinNT 5.00.2195)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 Running processes:
 C:\WINNT\System32\smss.exe
 C:\WINNT\system32\winlogon.exe
 C:\WINNT\system32\services.exe
 C:\WINNT\system32\lsass.exe
 C:\WINNT\system32\svchost.exe
 C:\WINNT\system32\LEXBCES.EXE
 C:\WINNT\system32\spoolsv.exe
 C:\WINNT\system32\LEXPPS.EXE
 C:\WINNT\System32\svchost.exe
 C:\Program Files\ewido anti-malware\ewidoctrl.exe
 C:\WINNT\System32\nvsvc32.exe
 C:\WINNT\system32\regsvc.exe
 C:\WINNT\system32\MSTask.exe
 C:\WINNT\explorer.exe
 C:\WINNT\system32\stisvc.exe
 C:\WINNT\System32\WBEM\WinMgmt.exe
 C:\WINNT\System32\mspmspsv.exe
 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
 C:\WINNT\System32\WF2K.EXE
 C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\WINNT\System32\internat.exe
 C:\Program Files\Skype\Phone\Skype.exe
 C:\WINNT\System32\svchost.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\WINNT\System32\WScript.exe
 E:\HijackThis\HijackThis.exe
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
 F2 - REG:system.ini: UserInit=userinit.exe
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
 O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
 O4 - HKLM\..\Run: [WinFoxV2] C:\WINNT\System32\WF2K.EXE
 O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
 O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
 O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
 O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKCU\..\Run: [internat.exe] internat.exe
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\File Sharing Revolution\Shareaza.exe" -tray
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
 O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
 O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
 O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
 O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
 O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
 O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
 O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
 O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
silent :
- Kod: Zaznacz wszystko
- "Silent Runners.vbs", revision 45, http://www.silentrunners.org/
 Operating System: Windows 2000
 Output limited to non-default values, except where indicated by "{++}"
 Startup items buried in registry:
 ---------------------------------
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "internat.exe" = "internat.exe" [MS]
 "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
 "Shareaza" = ""C:\Program Files\File Sharing Revolution\Shareaza.exe" -tray" ["File Sharing Revolution Development Team"]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]
 "WinFoxV2" = "C:\WINNT\System32\WF2K.EXE" ["Leadtek Research Inc."]
 "WinFast2KLoadDefault" = "rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings" [MS]
 "PrinTray" = "C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" ["Lexmark"]
 "Resume copy" = "copyfstq.exe /startup" [null data]
 "CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
 "NeroFilterCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
 "Synchronization Manager" = "mobsync.exe /logon" [MS]
 "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
 "Flag" = 2
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "AcroIEHlprObj Class"
 \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
 {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "Google Toolbar Helper"
 \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{CCA60260-A2C9-11D2-BA62-0020188191B2}" = "Registrar Registry Manager SHell Extension"
 -> {HKLM...CLSID} = "Registrar Registry Manager SHell Extension"
 \InProcServer32\(Default) = "rrShellX.dll" [file not found]
 "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
 INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
 -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
 \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
 INFECTION WARNING! rpcc\DLLName = "C:\WINNT\System32\rpcc.dll" [null data]
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
 -> {HKLM...CLSID} = "Ctest Object"
 \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
 -> {HKLM...CLSID} = "Ctest Object"
 \InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
 -> {HKLM...CLSID} = "WinZip"
 \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 Default executables:
 --------------------
 HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
 HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINNT\notepad.exe" "%1"" [MS]
 Active Desktop and Wallpaper:
 -----------------------------
 Active Desktop is disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\WINNT\ACD Wallpaper.cmp"
 Enabled Screen Saver:
 ---------------------
 HKCU\Control Panel\Desktop\
 "SCRNSAVE.EXE" = "(BRAK)" [file not found]
 Startup items in "Administrator" & "All Users" startup folders:
 ---------------------------------------------------------------
 C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
 "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
 "Przyspieszenie uruchomienia programu AutoCAD" -> shortcut to: "C:\Program Files\Common Files\Autodesk Shared\acstart16.exe" [null data]
 Winsock2 Service Provider DLLs:
 -------------------------------
 Namespace Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
 000000000003\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
 Transport Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 %SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 45
 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
 Toolbars, Explorer Bars, Extensions:
 ------------------------------------
 Toolbars
 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
 "{014DA6C9-189F-421A-88CD-07CFE51CFF10}"
 -> {HKLM...CLSID} = "My Search Bar"
 \InProcServer32\(Default) = "C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL" [file not found]
 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
 -> {HKLM...CLSID} = "&Google"
 \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
 HKLM\Software\Microsoft\Internet Explorer\Toolbar\
 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
 -> {HKLM...CLSID} = "&Google"
 \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
 Explorer Bars
 Dormant Explorer Bars in "View, Explorer Bar" menu
 HKLM\Software\Classes\CLSID\{014DA6CE-189F-421A-88CD-07CFE51CFF10}\(Default) = "My Search Bar Quick View"
 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
 InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [MS]
 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------
 ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
 LexBce Server, LexBceS, "C:\WINNT\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
 NVIDIA Driver Helper Service, NVSvc, "C:\WINNT\System32\nvsvc32.exe" ["NVIDIA Corporation"]
 System zdarzeń COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
 Print Monitors:
 ---------------
 HKLM\System\CurrentControlSet\Control\Print\Monitors\
 Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
 Port sieciowy Hewlett-Packard\Driver = "hpmon.dll" [MS]
 Urządzenia drukujące AppleTalk\Driver = "sfmmon.dll" [MS]
 ----------
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + The search for DESKTOP.INI DLL launch points on all local fixed drives
 took 22 seconds.
 + The search for all Registry CLSIDs containing dormant Explorer Bars
 took 6 seconds.
 ---------- (total run time: 42 seconds)

 
	
 
	
 
  