Explorer.exe at 100% CPU ... the system keeps falling apart


(Zincfe) #1

Hi, today I reset my computer and since then I have had a problem with it...

explorer.exe uses 100% of the CPU, the system stutters, etc.

I have to wait a long time before anything starts...

There are no icons on the desktop, and once I finally get to the Start button, no icons are visible there either.

When I open drive C: etc., nothing is visible, only a white background.

When I lower explorer.exe to the lowest process priority, it doesn't help, but the system doesn't lag :confused:

When I use "Create Dump File", after a moment the icons appear on the desktop etc., and I can even open folders, but 10 s pass and it's the same again :confused:

The same thing happens in safe mode.

Logs from HijackThis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 14:44:45, on 2007-06-16

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal


Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\mks_vir_2007\bin\mks_mail.exe

C:\Program Files\mks_vir_2007\bin\mkstray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\mks_vir_2007\bin\mks2007.exe

C:\Windows\explorer.exe

C:\Konnekt\konnekt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

F:\HiJackThis_v2.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe

O4 - HKLM\..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe

O4 - HKLM\..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O13 - Gopher Prefix: 

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe

O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe

O23 - Service: mksupdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe

O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe

Silent Runner

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows Vista RC1

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MKSRegmon" = "C:\Program Files\mks_vir_2007\bin\mksregmon.exe" [null data]

"mks_mail" = "C:\Program Files\mks_vir_2007\bin\mks_mail.exe" ["MkS Sp. z o.o."]

"mkstray" = "C:\Program Files\mks_vir_2007\bin\mkstray.exe" ["MKS Sp z o.o."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{E7DE9B1A-7533-4556-9484-B26FB486475E}" = (no title provided)

  -> {HKLM...CLSID} = "Network Map"

				   \InProcServer32\(Default) = "C:\Windows\system32\shdocvw.dll" [MS]

"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"

  -> {HKLM...CLSID} = "IGD Property Page"

				   \InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" [MS]

"{8856f961-340a-11d0-a96b-00c04fd705a2}" = "Microsoft Web Browser"

  -> {HKLM...CLSID} = "Microsoft Web Browser"

				   \InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]

"{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}" = "MSHTML Document"

  -> {HKLM...CLSID} = "MHTML Document"

				   \InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]

"{25336920-03f9-11cf-8fd0-00aa00686f13}" = "HTML Document"

  -> {HKLM...CLSID} = "HTML Document"

				   \InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]

"{74246bfc-4c96-11d0-abef-0020af6b0b7a}" = "Device Manager"

  -> {HKLM...CLSID} = "Device Manager"

				   \InProcServer32\(Default) = "C:\Windows\System32\devmgr.dll" [MS]

"{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}" = "MyDocuments menu and properties"

  -> {HKLM...CLSID} = "MyDocuments menu and properties"

				   \InProcServer32\(Default) = "C:\Windows\system32\mydocs.dll" [MS]

"{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}" = "Common Places Folder"

  -> {HKLM...CLSID} = "Common Places FS Folder"

				   \InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]

"{865e5e76-ad83-4dca-a109-50dc2113ce9a}" = "Programs Folder and Fast Items"

  -> {HKLM...CLSID} = "Programs Folder and Fast Items"

				   \InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]

"{21ec2020-3aea-1069-a2dd-08002b30309d}" = "Control Panel"

  -> {HKLM...CLSID} = "Control Panel"

				   \InProcServer32\(Default) = "shell32.dll" [MS]

"{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" = "Client application shell extension"

  -> {HKLM...CLSID} = "Client application shell extension"

				   \InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]

"{4d5c8c2a-d075-11d0-b416-00c04fb90376}" = "Microsoft CommBand"

  -> {HKLM...CLSID} = "Microsoft CommBand"

				   \InProcServer32\(Default) = "C:\Windows\system32\browseui.dll" [MS]

"{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" = "OlePrn.PrinterURL"

  -> {HKLM...CLSID} = "prturl Class"

				   \InProcServer32\(Default) = "C:\Windows\system32\oleprn.dll" [MS]

"{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" = "group_wab_auto_file"

  -> {HKLM...CLSID} = ".group shell context menu"

				   \InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]

"{CF67796C-F57F-45F8-92FB-AD698826C602}" = "contact_wab_auto_file"

  -> {HKLM...CLSID} = ".contact shell context menu"

				   \InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]

(Mkp0) #2

O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe

That looks strange, you can disable it.

Do you download updates regularly? Did you by any chance set an animated cursor?