Zahltenie RAM-ky pri starte win xp

[Putcha]

Dobry den

Mam RAM 256MB. Od urcitej doby (cca 2 tyzdne) sa mi prudko zvysili naroky procesov pri logovani a to az tak ze mi ostane 10MB volnych na RAM. Predtym to nerobilo, bralo si to max polovicku RAM. Ciastocne som to vyriesil programom RAM Booster (po pouziti mam volne cca polovicku RAM), ale chcel by som to vyriest natrvalo. S malware problemy nemam.

Prikladam aktualny log z HJT:
aktualna volna RAM-60MB

Logfile of HijackThis v1.99.1
Scan saved at 17:46:40, on 17. 4. 2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\My Programs\Foxie Suite\Firewall.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\My Programs\RamBooster 2.0\Rambooster.exe
C:\My Programs\BitComet\BitComet.exe
C:\My Programs\ObjectDock\ObjectDock.exe
C:\My Programs\Xfire\Xfire.exe
C:\My Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\My Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\My Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\My Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\My Programs\SuperCleaner\SuperCleaner.exe
C:\My Programs\ICQLite\ICQLite.exe
C:\My Programs\Total Commander XP\TOTALCMD.EXE
C:\My Programs\Opera\Opera.exe
C:\My Programs\Winamp\winamp.exe
C:\Documents and Settings\Oliver\Desktop\HijackThis.exe

O1 - Hosts: 82.209.26.196 L2authd.lineage2.com
O1 - Hosts: 82.209.26.196 L2testauthd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\My Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\My Programs\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYPROG~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\My Programs\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\MYPROG~1\PCTRAN~1\webie.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\My Programs\Foxie Suite\foxiecoreu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Foxie Firewall] C:\\My Programs\\Foxie Suite\\Firewall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RamBooster] C:\My Programs\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [BitComet] "C:\My Programs\BitComet\BitComet.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\My Programs\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Stardock ObjectDock.lnk = C:\My Programs\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\My Programs\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\MYPROG~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\My Programs\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\My Programs\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\My Programs\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\My Programs\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\My Programs\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\My Programs\Foxie Suite\Sweeper.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\My Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\My Programs\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\My Programs\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\My Programs\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\My Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\My Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Za pomoc dakujem.

[Reklama]

[mijaja]

V první řadě si zkontroluj na Jottiscanu soubor

C:\My Programs\Foxie Suite\Firewall.exe
Jednak o něm nejsou dobré refernce, jednak máš Kerio a dva firewally nejsou dobré řešení. Jelikož máš i NODa a Spybot, tak bych celý Foxie Suite odinstaloval.

Takže v Taskmanageru dej zastavit proces firewall.exe - po odinstalaci Foxie suite tam už možná nebude a to samé platí o některých řádcích, které ti píšu, abys fixnul v Hijackthisu. Pokud tam, ale některé ještě zůstanou, tak po fixnutí je najdi a vymaž

Potom fixni v HijackThisu:
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\My Programs\Foxie Suite\foxietoolbaru.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\My Programs\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\My Programs\Foxie Suite\foxiecoreu.dll
O4 - HKLM\..\Run: [Foxie Firewall] C:\\My Programs\\Foxie Suite\\Firewall.exe
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\My Programs\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\My Programs\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\My Programs\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\My Programs\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\My Programs\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\My Programs\Foxie Suite\Sweeper.exe
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\My Programs\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\My Programs\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Zaškrtni okénka a dej FixChecked - soubory potom najdi na disku a vymaž. Potom nechej vyčistit počítač. Nejlépe CCleanerem (návod)

Občas se podívej do Taskmanageru, který program ti nejvíce ubírá systémových prostředků a dej vědět. Jinak ti antivir nic nehlásí?

[Putcha]

Antivir obcas zahlasi ze je nejaky subor(ktory sa pouziva) infikovany,a hned ho dam zamat. Inac nic.
Idem vyskusat co si mi napisal.

[Putcha]

Urobil som vsetko ako si napisal, a tu je log tesne po restare:

-volna ram pri restare-69MB

Logfile of HijackThis v1.99.1
Scan saved at 20:06:51, on 17. 4. 2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\My Programs\RamBooster 2.0\Rambooster.exe
C:\My Programs\CCleaner\ccleaner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\My Programs\ObjectDock\ObjectDock.exe
C:\My Programs\Xfire\Xfire.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Documents and Settings\Oliver\Desktop\HijackThis.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\My Programs\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\My Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\My Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\My Programs\Opera\Opera.exe
C:\My Programs\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe

O1 - Hosts: 82.209.26.196 L2authd.lineage2.com
O1 - Hosts: 82.209.26.196 L2testauthd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\My Programs\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYPROG~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\MYPROG~1\PCTRAN~1\webie.dll
O3 - Toolbar: (no name) - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RamBooster] C:\My Programs\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ccleaner] "C:\My Programs\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Stardock ObjectDock.lnk = C:\My Programs\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\My Programs\Xfire\Xfire.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\MYPROG~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\My Programs\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\My Programs\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\MYPROG~1\PCTRAN~1\webie.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\My Programs\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\My Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


Ram sa stale drzi na 60-70MB

[mijaja]

Tohle ještě fixni - to jsou pozůstatky:

O3 - Toolbar: (no name) - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - (no file)
O4 - Startup: Xfire.lnk = C:\My Programs\Xfire\Xfire.exe - jede zbytečně
O4 - Global Startup: Bluetooth Manager.lnk = ? - taky zbytečně

V logu už není žádný aktivní šmejd, takže měl bys sledovat (v Taskmanageru), co ti žere systémové prostředky. Máš 256ku RAMku, jestli máš integrovanou grafiku, tak ta si ještě vezme část paměti pro sebe. Měl by ses podívat po všech těch programech, které ti jedou na pozadí systému a povypínat je.

Služby do AutoCadu, StyleXP, Alcoholu, Translátor,Object Dock - nevím, co z toho musí být spouštěno při startu a jet na pozadí systému. Zkus si ještě trochu navýšit virtuální paměť - což asi moc nepomůže, ale neuškodí.

[Putcha]

no tak poslem par obrazkov:
[img]http://s9.imagehosting.us/uploadpoint/imagehosting_upload_storage/nouser_1307/T0_-1_1307149.JPG[/img]
[img]http://s9.imagehosting.us/uploadpoint/imagehosting_upload_storage/nouser_1307/T0_-1_1307157.JPG[/img]

K tvojej otazke:
AutoCad-nemusi ist
StyleXP-musi ist
Alcoholu-nemusi ist
Translátor-nemusi ist
Object Dock-musi ist

Xfire a Bluetooth Manager si necham pustat aj nadalej...

[mijaja]

Takže si otevři Služby ( Start>Spustit a napiš services.msc a tam vyhledej služby Alcoholu a AutoCADu - to jsou tyhle dvě a zakaž je:

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\My Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Rambooster i CCleaner nenechávej jet automaticky - taky je spouštěj jen když potřebuješ.

Takže zastav v Taskmanageru tyhle procesy:
C:\My Programs\RamBooster 2.0\Rambooster.exe
C:\My Programs\CCleaner\ccleaner.exe

a v hijackthisu ještě fixni tohle vše:
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\MYPROG~1\PCTRAN~1\webie.dll
O3 - Toolbar: (no name) - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - (no file)
O4 - HKCU\..\Run: [RamBooster] C:\My Programs\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ccleaner] "C:\My Programs\CCleaner\ccleaner.exe" /AUTO
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\MYPROG~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\MYPROG~1\PCTRAN~1\webie.dll

Jestli se ti to ještě nespraví, projdi komp MWAVem, jestli tam ještě něco nespí.

[Putcha]

[quote="mijaja"]Takže si otevři Služby ( Start>Spustit a napiš [b]services.msc[/b] a tam vyhledej služby Alcoholu a AutoCADu - to jsou tyhle dvě a zakaž je:

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\My Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[/quote]

Ako?

[mijaja]

Tak jak jsem ti napsal - Nabídka Start ->řádek Spustit -> do řádku napíšeš( nebo zkopíruješ ) services.msc a dáš Enter. Otevře se ti okno Služeb systému Windows. V něm vyhledáš služby, které mají název
Autodesk Shared nebo AdskScSrv, nebo něco od AutoCADu a myší na ni klikneš(pravým). Dáš Vlastnosti a změníš typ spouštění na zakázané. To samé potom se službou Alcoholu: bude tam Alcohol 120 nebo StarWind nebo StarWindService a uděláš to samé.

Můžeš si i zkontrolovat nastavení služeb podle tohohle návodu, nebo takhle.

[Putcha]

Prestudujem to inokedy, momentalne som zaneprazdneny...
Ozvem sa vecer, alebo zajtra.

[Putcha]

Fuu, to bola doba, kym sa ten MWAV rozhibal.... trvalo mu to 3 hodiny a 40 min.

Tue Apr 18 17:08:43 2006 => ***** Scanning complete. *****

Tue Apr 18 17:08:43 2006 => Total Objects Scanned: 95825
Tue Apr 18 17:08:43 2006 => Total Critical Objects: 12
Tue Apr 18 17:08:43 2006 => Total Disinfected Objects: 0
Tue Apr 18 17:08:43 2006 => Total Objects Renamed: 0
Tue Apr 18 17:08:43 2006 => Total Deleted Objects: 0
Tue Apr 18 17:08:43 2006 => Total Errors: 18
Tue Apr 18 17:08:43 2006 => Time Elapsed: 03:39:55
Tue Apr 18 17:08:43 2006 => Virus Database Date: 4/11/2006
Tue Apr 18 17:08:43 2006 => Virus Database Count: 187568

Tue Apr 18 17:08:43 2006 => Scan Completed.



Virus log info:

Object "stylexp Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "stylexp Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
File E:\Share\Backup\BearShareINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
File E:\Share\Backup\ccsetup128.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File E:\Share\Backup\cliprexdsfree.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.d". Action Taken: No Action Taken.
File E:\Share\Backup\WarezP2P_TDL.zip tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{A6676ADD-C220-4021-9B92-49906A00E903}\RP24\A0005506.exe infected by "Trojan.BAT.Zapchast" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{A6676ADD-C220-4021-9B92-49906A00E903}\RP34\A0010980.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
File E:\System Volume Information\_restore{A6676ADD-C220-4021-9B92-49906A00E903}\RP39\A0015206.exe infected by "Trojan.BAT.Zapchast" Virus! Action Taken: No Action Taken.
File E:\System Volume Information\_restore{A6676ADD-C220-4021-9B92-49906A00E903}\RP39\A0015207.exe infected by "Trojan-Spy.Win32.KeyLogger.dh" Virus! Action Taken: No Action Taken.


Jak sa toho zbavit?

Napr. whenu.save (BS player) a limewire som uz davno odinstaloval, je tam kopu instalaciek a do System Volume Information sa neviem dostat.

[mijaja]

Píše ti to 12 kritických objektů, ale dal jsi sem jen tyto 4 + 4 ze System Volume
Takže ještě 4 někde jsou - hledej, pátrej
Total Critical Objects: 12
E:\Share\Backup\BearShareINSTALL.exe
E:\Share\Backup\ccsetup128.exe
E:\Share\Backup\cliprexdsfree.exe
E:\Share\Backup\WarezP2P_TDL.zip

Tyhle čtyři najdi podle cesty a vymaž - i když u setupu CCleaneru půjde nejspíše o planý poplach - vyzkoušej na Jottiscanu. Zkouším to také...vypadá to, že je zahlcený server - Virustotal také. Hm - Kaspersky v něm něco vidí, ostaní ne.

Jinak šmejdy ze System Volume Information normálně nedostaneš. Musíš vypnout Obnovu systému, restartovat a znovu zapnout Obnovu. Sice ztratíš všechny body obnovení, ale zbavíš se těch virů, co jsou uvnitř.