
OK, everything seemed to be running fine until the ashServ.exe process started using my CPU, sometimes going to 30% - 70%; the CPU usage came in waves like that. I thought about ending the process, but the User Name column said SYSTEM, so I decided not to touch it so as not to make things worse. Today the computer slowed down a bit... not the CPU usage, but when I click Start, it used to open quickly on the first click, and now it takes about a second longer. Below I'm posting the logs from ComboFix and HJ.
HJ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:36, on 2008-07-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Paweł\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 5028 bytes
ComboFix
ComboFix 08-07-04.3 - Paweł 2008-07-05 10:45:01.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.415 [GMT 2:00]
Running from: C:\Program Files\Piosenki\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\btfunc.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
2008-06-30 15:36 . 2008-06-30 15:36 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\HLSW
2008-06-24 19:00 . 2008-06-24 19:00 <DIR> dr-h----- C:\Documents and Settings\Paweł\Dane aplikacji\SecuROM
2008-06-22 21:07 . 2008-06-22 21:07 <DIR> d-------- C:\Program Files\SEC
2008-06-22 21:07 . 2001-02-19 14:18 443,392 --a------ C:\WINDOWS\system32\SliderExCtrl.ocx
2008-06-22 21:07 . 2001-02-06 15:29 65,536 --a------ C:\WINDOWS\system32\Gif89.dll
2008-06-22 20:53 . 2008-06-22 20:54 10 --a------ C:\WINDOWS\WININIT.INI
2008-06-22 16:57 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-06-22 12:07 . 2008-06-22 12:07 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-06-21 13:20 . 2008-06-21 13:20 2,359,350 --a------ C:\WINDOWS\Tapeta-PhotoFiltre.bmp
2008-06-21 11:51 . 2008-06-21 11:51 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\SiteAdvisor
2008-06-21 11:51 . 2008-06-21 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SiteAdvisor
2008-06-21 11:51 . 2008-06-21 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
2008-06-20 17:55 . 2008-06-20 17:55 262 --a------ C:\WINDOWS\game.ini
2008-06-19 12:46 . 2008-06-19 12:46 87 --a------ C:\WINDOWS\cdplayer.ini
2008-06-19 12:00 . 2008-06-19 12:01 83,930,292 --a------ C:\Alcohol.mp3
2008-06-19 11:55 . 2008-06-19 11:55 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2008-06-19 11:51 . 2008-06-19 11:51 <DIR> d-------- C:\Program Files\temp
2008-06-19 11:46 . 2008-06-19 11:46 <DIR> d-------- C:\Program Files\IDoser v4
2008-06-18 18:23 . 2008-06-18 18:23 62,464 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-18 18:23 . 2008-06-18 18:23 13,824 --ahs---- C:\Thumbs.db
2008-06-17 23:01 . 2008-06-17 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-17 19:02 . 2008-06-17 19:02 <DIR> d-------- C:\Program Files\Robster Productions
2008-06-17 18:31 . 2008-06-17 18:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-16 16:57 . 2008-06-16 16:57 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-06-16 15:50 . 2008-06-16 15:50 45 ---h----- C:\WINDOWS\dsez9150.dat
2008-06-15 21:55 . 2008-06-15 21:55 <DIR> d-------- C:\Documents and Settings\Paweł\Dane aplikacji\Talkback
2008-06-15 21:55 . 2008-06-15 21:55 6,685,032 --a------ C:\Program Files\Firefox Setup 2.0.0.14.exe
2008-06-13 16:59 . 2008-06-13 16:59 <DIR> d-------- C:\Program Files\Real
2008-06-13 16:59 . 2008-06-13 16:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-13 16:59 . 2008-06-13 16:59 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-12 23:16 . 2008-06-12 23:16 <DIR> d-------- C:\Program Files\CPU Speed Pro
2008-06-10 18:06 . 2008-06-10 18:06 <DIR> d-------- C:\Program Files\SpeedFan
2008-06-10 18:06 . 2008-06-17 22:33 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-06-09 15:55 . 2008-06-09 15:55 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-06-08 20:00 . 2008-06-08 20:00 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-05 20:18 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 08:06 23,524 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-06-24 17:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-19 15:47 46,080 --sha-w C:\Program Files\Thumbs.db
2008-05-31 21:12 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-05-27 18:08 --------- d-----w C:\Program Files\uTorrent
2008-05-27 18:08 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\uTorrent
2008-05-25 17:58 --------- d-----w C:\Program Files\True Sword 4
2008-05-25 17:58 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\True Sword
2008-05-17 11:35 --------- d-----w C:\Program Files\Google
2008-05-16 16:00 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-16 16:00 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\Corel
2008-05-16 16:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-05-15 14:54 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\Hamachi
2008-05-15 14:53 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-14 15:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-05-13 15:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-12 14:10 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\CursorArts
2008-05-12 09:58 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-12 09:58 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-10 16:48 --------- d-----w C:\Program Files\VIA
2008-05-10 16:44 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\ATI
2008-05-06 08:05 --------- d-----w C:\Documents and Settings\Paweł\Dane aplikacji\Samsung
2007-06-06 14:38 111,104 ----a-w C:\Program Files\StudioPL.plg
2005-02-25 01:22 208,896 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe
2005-02-22 05:47 39,040 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys
2005-02-22 05:47 143,360 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.dll
2004-11-01 08:12 23,424 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS
2004-11-01 08:11 94,208 ----a-w C:\WINDOWS\inf\MSI\SlowDownCPU\GLM7x.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29 13312]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-02-25 03:22 208896]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 13:32 552960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 15:48 528384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 16:59 180269]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 17:29 13312]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2008-06-22 21:07:26 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 443968 D:\Picasa2\PicasaMediaDetector.exe
R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2007-09-21 17:49]
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 01:20]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\System32\Drivers\ousbehci.sys [2003-03-05 09:07]
R3 GVTDrv;GVTDrv;C:\WINDOWS\System32\drivers\GVTDrv.sys [2008-07-05 10:06]
R3 RushTopDevice;RushTopDevice;C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [2005-02-22 07:47]
R3 SlowDownCPU;SlowDownCPU;C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [2004-11-01 10:12]
R3 xgdimirror;xgdimirror;C:\WINDOWS\System32\DRIVERS\xgdimirror.sys [2005-03-05 12:06]
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\System32\DRIVERS\oxser.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\System32\DRIVERS\usb2vcom.sys [2005-08-06 05:06]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 22:03]
S3 viafilter;VIA USB Filter;C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 13:28]
*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-BearShare - D:\Program Files\BearShare\BearShare.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 10:45:48
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2008-07-05 10:46:05
ComboFix-quarantined-files.txt 2008-07-05 08:46:04
Pre-Run: 4,247,085,056 bajtów wolnych
Post-Run: 4,274,487,296 bajtów wolnych