Coś stylu svchost i obciążenie częste 100%CPU Log HijackThis

n0need · 29 Sierpień 2007 18:15

Witam,

ostatnio mój komputer bardzo wolno chodzi, zaczęło się jakiś tydzień temu - mimo używania NOD32 i wcześniej firewall’a outposta (obecnie comodo), regularnemu tygodniowemu czyszczeniu kompa przez EWIDO, ccleaner i inne tego typu progsy, to teraz jakiś tydzień temu się zaczęły problemy.

A dokładnie, jak mój ojciec zaczął dłużej przebywać na moim laptopie, który jest podłączony do sieci… (ekhm, wiecie co mu zarzucam :P?)

No i pewnego dnia zaczęło się samoczynnie, nagle svchost 100% etc., resety robiłem i dalej to samo, od razu po restarcie, zrobiłem skany systemu w czasie tego 100% nod32 (nic nie znalazł), ewido, ad-aware i spybotem, nadal było, ale teraz jest tak, że czasem svchost na 100% chodzi, a potem zamiast svchost to System zabiera z 70-100% CPU, a np. aplikacja, która obecnie działa (firefox, winamp, aqq) zabiera resztę i razem nadal 100% CPU cały czas jest.

Dzisiaj robiłem panda active scan na internecie i muszę powiedzieć, że już jest poprawa, ale na pewno nie jest jak przed tym wszystkim - po prostu czuję, że coś siedzi może dalej, bo wszystko i tak wolniej się ładuję i jestem niezadowolony z tego wszystkiego.

Proszę, tutaj log z HijackThis, jeżeli możecie sprawdzić, to bardzo dziękuję i proszę o ewentualne porady.

Logfile of HijackThis v1.99.1

Scan saved at 19:55:28, on 2007-08-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\WapSter\AQQ\AQQ.exe

C:\Program Files\Winamp\winamp.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

E:\hijackthis_sfx\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181989282765

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181990761140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BEC9B809-4010-4E7B-8F8F-D5E131932722}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Gutek · 29 Sierpień 2007 18:33

usuń wpisy HJT

Daj log z Deckard’s System Scanner

n0need · 30 Sierpień 2007 19:59

Zmieniłem znów firewalla na Outposta, ponieważ z outpostem jakoś mniej problemów…

Poza tym, po zmianie na outposta i tak znów tera przy restarcie miałem 100% CPU, ale teraz proces System mi zabierał 100% CPU (W tej chwili jak piszę, jakieś 10 min po restarcie już wszystko OK - czy to nie dziwne…?)

Aha, no i ogółem wszystko nie było tak źle odkąd napisałem ostatniego posta, cpu 100% robi się naprawdę nieoczekiwanie, nagle ni z gruchy ni z pietruchy Przed restartem (10-15 min temu) oglądałem film i zacinał mi się, a wcześniej już go oglądałem 1h i wtedy zobaczyłem system 100% cpu żre, po restarcie tak samo :<

Teraz już sam nie wiem, co kiedy i dlaczego zjada mi bardzo dużą część mocy procka

Jeżeli to wszystko dalej będzie się tak trzymać, co nieco będę notował i może do czegoś dojdę, jak będzie to upierdliwe, tymczasem jest OK i wklejam loga! (Tymczasem - no w tej chwili :P)

Deckard's System Scanner v20070826.66

Run by misiek on 2007-08-30 21:53:11

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------




-- Last 5 Restore Point(s) --

50: 2007-08-30 19:35:37 UTC - RP83 - Deckard's System Scanner Restore Point

49: 2007-08-29 18:31:55 UTC - RP82 - Removed O&O Defrag Professional Edition

48: 2007-08-29 09:28:24 UTC - RP81 - Software Distribution Service 3.0

47: 2007-08-29 08:54:38 UTC - RP80 - Punkt kontrolny systemu

46: 2007-08-28 08:45:03 UTC - RP79 - Punkt kontrolny systemu



-- First Restore Point -- 

1: 2007-07-04 14:42:54 UTC - RP34 - Punkt kontrolny systemu



Backed up registry hives.

Performed disk cleanup.




-- HijackThis (run as misiek.exe) ----------------------------------------------


Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-08-30 21:55:12

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)


Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\ESET\nod32kui.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\ESET\nod32krn.exe

C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

E:\dss.exe

E:\hijackthis_sfx\misiek.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKEY_LOCAL_MACHINE\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKEY_LOCAL_MACHINE\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKEY_LOCAL_MACHINE\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKEY_LOCAL_MACHINE\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice

O4 - HKEY_LOCAL_MACHINE\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {44627E97-789B-40d4-B5C2-58BD171129A1} - (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181989282765

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181990761140

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BEC9B809-4010-4E7B-8F8F-D5E131932722}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - \webcheck.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - "C:\Program Files\Eset\nod32krn.exe"

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service




-- HijackThis Fixed Entries (E:\HIJACK~1\backups\) -----------------------------


backup-20070830-125042-454 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

backup-20070830-125042-840 F2 - REG:system.ini: Shell=explorer.exe 


-- File Associations -----------------------------------------------------------


[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]

[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


R1 Amfilter (A4Tech Mouse Filter Driver) - c:\windows\system32\drivers\amfilter.sys 

R1 VFILT (Outpost Firewall Kernel Driver) - c:\program files\agnitum\outpost firewall\kernel\filtnt.sys 

R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys 

R3 ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - c:\program files\agnitum\outpost firewall\kernel\adblock.dll 

R3 Amusbprt (A4Tech HID-compliant Mouse Driver) - c:\windows\system32\drivers\amusbprt.sys 

R3 ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - c:\program files\agnitum\outpost firewall\kernel\arp.dll 

R3 CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\content.dll 

R3 DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - c:\program files\agnitum\outpost firewall\kernel\dnscache.dll 

R3 FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll 

R3 HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll 

R3 HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll 

R3 IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll 

R3 MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll 

R3 NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll 

R3 POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll 

R3 PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - c:\program files\agnitum\outpost firewall\kernel\protect.dll 

R3 SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - c:\program files\agnitum\outpost firewall\kernel\secret.dll 



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" 

R2 OutpostFirewall (Outpost Firewall Service) - c:\program files\agnitum\outpost firewall\outpost.exe /service 



-- Device Manager: Disabled ----------------------------------------------------


Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: 

Device ID: ACPI\PNPB006\3&61AAA01&0

Manufacturer: 

Name: 

PNP Device ID: ACPI\PNPB006\3&61AAA01&0

Service: 



-- Files created between 2007-07-30 and 2007-08-30 -----------------------------


2007-08-30 21:46:43 0 d-------- C:\Program Files\Common Files\Agnitum Shared

2007-08-30 21:46:42 0 d-------- C:\Program Files\Agnitum

2007-08-27 18:01:14 0 d-------- C:\Program Files\Comodo

2007-08-20 23:34:27 0 d-------- C:\Program Files\LD-Anime

2007-08-18 15:48:15 0 d--h----- C:\WINDOWS\PIF

2007-08-16 15:23:37 0 d-------- C:\WINDOWS\system32\ActiveScan

2007-08-15 21:23:36 0 d-------- C:\Program Files\A4Tech

2007-08-14 16:34:20 0 d-------- C:\Program Files\Microsoft ActiveSync

2007-08-14 16:33:52 0 d-------- C:\WINDOWS\SHELLNEW

2007-08-14 16:33:47 0 d-------- C:\Program Files\Microsoft.NET

2007-08-13 18:05:20 0 d-------- C:\Program Files\Macromedia

2007-08-11 10:55:57 0 d-------- C:\Program Files\uTorrent

2007-08-10 19:43:49 0 d-------- C:\Program Files\Valve

2007-07-30 21:20:16 0 d-------- C:\Program Files\Gadu-Gadu



-- Find3M Report ---------------------------------------------------------------


2007-08-30 21:46:43 0 d-------- C:\Program Files\Common Files

2007-08-30 21:31:14 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\uTorrent

2007-08-29 20:48:14 0 d-------- C:\Program Files\ewido anti-spyware 4.0

2007-08-29 19:40:21 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\Skype

2007-08-27 18:02:00 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\Comodo

2007-08-20 12:21:07 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\OpenOffice.org2

2007-08-19 22:58:59 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory

2007-08-19 13:07:13 0 d-------- C:\Program Files\The All-Seeing Eye

2007-08-10 19:43:49 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-08-07 12:36:32 0 d-------- C:\Program Files\Java

2007-07-29 13:35:35 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\Google

2007-07-29 13:34:57 0 d-------- C:\Program Files\Google

2007-07-28 13:54:11 0 d-------- C:\Program Files\MarBit

2007-07-25 14:39:47 0 d-------- C:\Program Files\Heroes of Might and Magic III Complete

2007-07-22 15:55:10 0 d-------- C:\Program Files\Lavasoft

2007-07-22 15:54:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-07-22 15:52:20 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\Lavasoft

2007-07-19 11:13:03 0 d-------- C:\Program Files\Skype

2007-07-19 11:12:58 0 d-------- C:\Program Files\Common Files\Skype

2007-07-18 22:01:54 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\Ahead

2007-07-18 21:52:44 0 d-------- C:\Program Files\Common Files\Ahead

2007-07-18 21:52:44 0 d-------- C:\Program Files\Ahead

2007-07-14 14:44:57 0 d-------- C:\Documents and Settings\misiek\Dane aplikacji\Macromedia

2007-07-14 14:44:18 0 d-------- C:\Program Files\Mozilla Thunderbird

2007-07-11 11:04:39 448348 --a------ C:\WINDOWS\system32\perfh015.dat

2007-07-11 11:04:39 74450 --a------ C:\WINDOWS\system32\perfc015.dat

2007-07-05 10:47:33 0 d-------- C:\Program Files\CCleaner

2007-07-05 10:18:00 0 d-------- C:\Program Files\Teleport Pro

2007-07-05 10:17:27 0 d-------- C:\Program Files\Common Files\Adobe

2007-07-05 10:13:59 298104 --a------ C:\WINDOWS\system32\imon.dll 

2007-07-04 10:46:52 0 d-------- C:\Program Files\WapSter

2007-07-03 19:43:26 0 d-------- C:\Program Files\Combined Community Codec Pack

2007-07-03 19:42:59 0 d-------- C:\Program Files\SubEdit-Player

2007-06-20 13:46:38 1286 --a------ C:\WINDOWS\mozver.dat

2007-06-16 19:25:25 0 --a------ C:\AUTOEXEC.BAT

2007-06-16 13:47:03 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll 

2007-06-16 13:47:03 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 

2007-06-16 13:29:23 0 --a------ C:\WINDOWS\nsreg.dat

2007-06-16 12:58:26 62 --ahs---- C:\Documents and Settings\misiek\Dane aplikacji\desktop.ini

2007-06-16 12:09:43 0 -rahs---- C:\MSDOS.SYS

2007-06-16 12:09:43 0 -rahs---- C:\IO.SYS

2007-06-16 12:09:43 0 --a------ C:\CONFIG.SYS

2007-06-16 12:06:06 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtiPTA"="atiptaxx.exe" [2002-02-15 11:42 C:\WINDOWS\system32\atiptaxx.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-05 10:13]

"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 09:08]

"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2006-10-20 14:49]

"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-10-30 16:07]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^misiek^Menu Start^Programy^Autostart^OpenOffice.org 2.0.2.lnk]

path=C:\Documents and Settings\misiek\Menu Start\Programy\Autostart\OpenOffice.org 2.0.2.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 2.0.2.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]

C:\PROGRA~1\WapSter\AQQ\AQQ.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

"C:\Program Files\BearShare\BearShare.exe" /pause


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

CTHELPER.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

CTXFIHLP.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]

C:\WINDOWS\system32\oodtray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


*Newly Created Service* - ADBLOCK.DLL

*Newly Created Service* - ARP.DLL

*Newly Created Service* - CONTENT.DLL

*Newly Created Service* - DNSCACHE.DLL

*Newly Created Service* - FTPFILT.DLL

*Newly Created Service* - HTMLFILT.DLL

*Newly Created Service* - HTTPFILT.DLL

*Newly Created Service* - IMAPFILT.DLL

*Newly Created Service* - MAILFILT.DLL

*Newly Created Service* - NNTPFILT.DLL

*Newly Created Service* - OUTPOSTFIREWALL

*Newly Created Service* - POP3FILT.DLL

*Newly Created Service* - PROTECT.DLL

*Newly Created Service* - SANDBOX

*Newly Created Service* - SECRET.DLL




-- End of Deckard's System Scanner: finished at 2007-08-30 21:56:15 ------------

jessica · 31 Sierpień 2007 07:07

Log jest czysty.

Zrób tylko kosmetycznie sfiksowanie w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

jessi

n0need · 2 Wrzesień 2007 20:01

Niestety, ale co restart komputera svchost zabiera 100% CPU przez długi czas… tzn. nawet nie mam pojęcia czy po jakimś czasie się ustatkowuje, bo po prostu zabijam ten proces i mam problem z głowy.

Jakaś pomoc? Nie mam pojęcia co jest nie tak, ale z mym kompem coraz gorzej jest

Gutek · 2 Wrzesień 2007 21:57

OT kosz

n0need · 9 Wrzesień 2007 22:08

Witam,

eh nadal jest to bardzo uciążliwe i często się powtarza bez przyczyny

Chciałem sobie oglądnąć jakieś anime przez SubEdit’a (progs jak allplayer etc.) i niestety d*pa, bez powodu zniknął dźwięk i bad directsound coś tam…

Robię pokolei komputer -> dysk c -> właściowsci -> narzedzia -> sprawdzanie bledow (jakos tak) i reset, wszystko OK

Po resecie jest dźwięk, żeby o sprawdzić włączyłem sobie WinAmpa, włączam firefoxa i subedita i znów zacina - svchost 100% - zabijam proces…

Niestety, po zabiciu procesu nagle explorer nieco szwankuje, a poza tym nie ma znów dźwięku (Dokładnie chodzi o svchost.exe SYSTEM)

Proszę o pomoc!

Gutek · 10 Wrzesień 2007 20:39

Pobierz program SDFix