kolpi
(Marek Zawada)
11 August 2006 17:21
#1
The situation is as follows: after XP starts, the system freezes for a few minutes, then everything disappears from the screen, it returns to the desktop and everything seems to be OK. Interestingly, exe applications show up in the process list, but the windows of those programs do not open. I wanted to make a log in HiJackThis; in the process list it shows as started, but no window appeared and the CPU rises to 99. So I decided to make a log in SilentRunners; it seemed to open, but after 20 minutes the CPU of that process jumped to 99 and it did not finish making the log.
I am posting the log below. You will probably say that I am breaking the rules because I am not pasting the whole thing, but please understand that after more than 20 minutes it had not produced the whole log and the computer rebooted, and every time it fails to finish. So I am posting the part up to where the program stops. Maybe it will let someone diagnose this thing, and if not, I will get on with formatting the disk. Thanks in advance for your help.
Here is the log:
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\System32\ctfmon.exe” [MS]
“winshost.exe” = “C:\WINDOWS\System32\winshost.exe” [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“SystemTray” = “SysTray.Exe” [MS]
“FmctrlTray” = “Fmctrl.EXE” [“ForteMedia, Inc.”]
“Share-to-Web Namespace Daemon” = “C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [“Hewlett-Packard”]
“winshost.exe” = “C:\WINDOWS\System32\winshost.exe” [file not found]
“avgnt” = ““C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”]
“Systems” = “C:\WINDOWS\System32\sysmon.exe” [file not found]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“SmcService” = “C:\PROGRA~1\Sygate\SPF\smc.exe -startgui” [“Sygate Technologies, Inc.”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
  -> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
  \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “AcroIEHlprObj Class”
  \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
  -> {HKLM…CLSID} = “SSVHelper Class”
  \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
  -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
  \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Program Files\msproject2002\Office10\msohev.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Programy\Office\soa800.dll” [MS]
“{5E44E225-A408-11CF-B581-008029601108}” = “Adaptec DirectCD Shell Extension”
  -> {HKLM…CLSID} = “Adaptec DirectCD Shell Extension”
  \InProcServer32(Default) = “C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll” [“Roxio”]
“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”
  -> {HKLM…CLSID} = “Shell Extension for Malware scanning”
  \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
“{F7E0BEFD-2CBD-4456-B454-A09F54FD5F97}” = “p7m Cryptigo Shell Handler”
  -> {HKLM…CLSID} = “PKCS#7 File”
  \InProcServer32(Default) = “C:\PROGRA~1\Cryptigo\P7MVIE~1\CRYPTI~1.OCX” [null data]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
  -> {HKLM…CLSID} = “Shell Extension for Malware scanning”
  \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
  -> {HKLM…CLSID} = “Shell Extension for Malware scanning”
  \InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
  -> {HKLM…CLSID} = “WinRAR”
  \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\ASMM\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Post merged: 12.08.2006 (Sat) 0:21
and here is one made a moment ago in Process Viewer:
avgnt.exe 3536 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe Antivirus System Tray Tool 7.00.00.10. Copyright © 2006 Avira GmbH. All rights reserved.
avguard.exe 3320 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe Antivirus On-Access Service 7.00.00.29. Copyright © 1996-2006 AVIRA GmbH. All rights reserved.
csrss.exe 532 C:\WINDOWS\system32\csrss.exe Client Server Runtime Process 5.1.2600.0. © Microsoft Corporation. All rights reserved.
ctfmon.exe 1672 C:\WINDOWS\System32\ctfmon.exe CTF Loader 5.1.2600.0. © Microsoft Corporation. All rights reserved.
explorer.exe 1440 C:\WINDOWS\explorer.exe Eksplorator Windows 6.00.2600.0000. © Microsoft Corporation. Wszelkie prawa zastrzeżone.
Fmctrl.EXE 1572 C:\WINDOWS\System32\Fmctrl.EXE Fmctrl Multi-language 1, 0, 0, 1. Copyright © 1999
gg.exe 3796 C:\Program Files\Gadu-Gadu\gg.exe Gadu-Gadu - program glowny 7, 1, 0, 6. Copyright © 1999,2006 Gadu-Gadu Sp. z oo
hpgs2wnd.exe 1604 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe hpgs2wnd 2,3,0,0\ 161. Copyright © 2001
hpgs2wnf.exe 1748 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe hpgs2wnf Module 2, 6, 0, 161. Copyright 2001
IEXPLORE.EXE 2332 C:\Program Files\Internet Explorer\IEXPLORE.EXE Internet Explorer 6.00.2600.0000. © Microsoft Corporation. Wszelkie prawa zastrzeżone.
jusched.exe 1640 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe Java 2 Platform Standard Edition binary 5.0.60.5. Copyright © 2004
lsass.exe 620 C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) 5.1.2600.0. © Microsoft Corporation. All rights reserved.
PrcView.exe 380 C:\Documents and Settings\ASMM\Pulpit\PrcView\PrcView.exe Process Viewer Application 5.2.12.1. Developed by Igor Nys 1995-2005
qttask.exe 1656 C:\Program Files\QuickTime\qttask.exe QuickTime Task QuickTime 7.0.2. Copyright Apple Computer, Inc. 1989-2005
sched.exe 3544 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe Avira GmbH Scheduler 7.00.00.17. Copyright © 2006 Avira GmbH. All rights reserved.
services.exe 600 C:\WINDOWS\system32\services.exe Usługi i aplikacja Kontroler 5.1.2600.0. © Microsoft Corporation. Wszelkie prawa zastrzeżone.
smc.exe 1532 C:\Program Files\Sygate\SPF\smc.exe Sygate Agent Firewall 5.5.00.2710. Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
smss.exe 476 C:\WINDOWS\System32\smss.exe Windows NT Session Manager 5.1.2600.0. © Microsoft Corporation. All rights reserved.
spoolsv.exe 1276 C:\WINDOWS\system32\spoolsv.exe Spooler SubSystem App 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 784 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 864 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 1072 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 1104 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
svchost.exe 1856 C:\WINDOWS\System32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
winlogon.exe 556 C:\WINDOWS\system32\winlogon.exe Aplikacja logowania systemu Windows NT 5.1.2600.0. © Microsoft Corporation. Wszelkie prawa zastrzeżone.
and this is autoruns:
ctfmon.exe Microsoft Corporation C:\WINDOWS\System32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winshost.exe C:\WINDOWS\System32\winshost.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE Microsoft Corporation C:\WINDOWS\System32\CTFMON.EXE HKEY_USERS.Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SysTray.Exe Microsoft Corporation SysTray.Exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fmctrl.EXE ForteMedia, Inc. Fmctrl.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hpgs2wnd.exe Hewlett-Packard C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winshost.exe C:\WINDOWS\System32\winshost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avgnt.exe Avira GmbH “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sysmon.exe C:\WINDOWS\System32\sysmon.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
jusched.exe Sun Microsystems, Inc. C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smc.exe Sygate Technologies, Inc. C:\PROGRA~1\Sygate\SPF\smc.exe -startgui HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
qttask.exe Apple Computer, Inc. “C:\Program Files\QuickTime\qttask.exe” -atboottime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dumprep 0 -k %systemroot%\system32\dumprep 0 -k HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
explorer.exe Microsoft Corporation explorer.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
userinit.exe Microsoft Corporation C:\WINDOWS\system32\userinit.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
desktop.ini C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
desktop.ini C:\Documents and Settings\ASMM\Menu Start\Programy\Autostart\desktop.ini C:\Documents and Settings\ASMM\Menu Start\Programy\Autostart\desktop.ini
DirectCD.exe Roxio “C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
firewall_anti.exe C:\WINDOWS\firewall_anti.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
InstaFinderK_inst.exe C:\Program Files\INSTAFINK\InstaFinderK_inst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper.exe “C:\Program Files\iTunes\iTunesHelper.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
dumprep 0 -k %systemroot%\system32\dumprep 0 -k HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msmsgs.exe Microsoft Corporation “C:\Program Files\Messenger\msmsgs.exe” /background HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NBJ.exe Ahead Software AG “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroCheck.exe Ahead Software Gmbh C:\WINDOWS\system32\NeroCheck.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
qttask.exe Apple Computer, Inc. “C:\Program Files\QuickTime\qttask.exe” -atboottime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
seeve.exe C:\WINDOWS\seeve.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Skype.exe “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
smc.exe Sygate Technologies, Inc. C:\PROGRA~1\Sygate\SPF\smc.exe -startgui HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
taskdir.exe C:\WINDOWS\System32\taskdir.exe HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fsg_4203.exe “c:\windows\temp\adware\fsg_4203.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Setup.exe F:\Setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run