COMBOFIX Duże obciazenie systemu ekrn.exe 100% CPU

djzon · 25 Wrzesień 2008 10:41

Mam antywirusa ktory nie powinien spowalniac system NOD32 ESET Smart Security 3 a proces zwiazany z tym programem ekrn.exe 100% CPU.Prosze o sprwdzenie logow.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:56:34, on 2008-09-25

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\system32\VTTimer.exe

D:\WINDOWS\system32\S3Trayp.exe

D:\Program Files\ESET\ESET Smart Security\egui.exe

D:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe

D:\Program Files\Norton Ghost\Agent\VProTray.exe

D:\WINDOWS\regx32.exe

D:\Program Files\Unlocker\UnlockerAssistant.exe

D:\WINDOWS\system32\ctfmon.exe

H:\Sierpień 2008 cz.1\01-15.08.2008\RapidHacker_Final_v3.2\USDownloader.exe

D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe

D:\Program Files\4t Tray Minimizer\4t-min.exe

C:\Program Files\GetSmart\GetSmart.exe

D:\WINDOWS\Integrator.exe

D:\Program Files\neostrada tp\neostradatp.exe

D:\Program Files\neostrada tp\ComComp.exe

D:\PROGRA~1\NEOSTR~1\Toaster.exe

D:\PROGRA~1\NEOSTR~1\Inactivity.exe

D:\PROGRA~1\NEOSTR~1\PollingModule.exe

D:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\ESET\ESET Smart Security\ekrn.exe

D:\WINDOWS\System32\FTRTSVC.exe

D:\Program Files\iolo\common\lib\ioloServiceManager.exe

D:\Program Files\Norton Ghost\Agent\VProSvc.exe

D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

D:\WINDOWS\system32\wdfmgr.exe

D:\WINDOWS\System32\alg.exe

D:\Program Files\neostrada tp\Watch.exe

D:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe

D:\WINDOWS\system32\taskmgr.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Player\Player.exe

H:\Sierpień 2008 cz.2\hijackthis.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM…\Run: [VTTimer] VTTimer.exe

O4 - HKLM…\Run: [s3Trayp] S3Trayp.exe

O4 - HKLM…\Run: [egui] “D:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice

O4 - HKLM…\Run: [NortonAntiBot] “D:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe”

O4 - HKLM…\Run: [WinampAgent] “D:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [Norton Ghost 12.0] “D:\Program Files\Norton Ghost\Agent\VProTray.exe”

O4 - HKLM…\Run: [TrialReset] D:\WINDOWS\regx32.exe

O4 - HKLM…\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [unlockerAssistant] “D:\Program Files\Unlocker\UnlockerAssistant.exe”

O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [uSDownloader] “H:\Sierpień 2008 cz.1\01-15.08.2008\RapidHacker_Final_v3.2\USDownloader.exe”

O4 - HKCU…\Run: [speedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe

O4 - HKCU…\Run: [Tweak-XP Pro] “D:\Program Files\Tweak-XP Pro 4\autostart.exe”

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Startup: 4t Tray Minimizer.lnk = D:\Program Files\4t Tray Minimizer\4t-min.exe

O4 - Startup: AntiCrash.lnk = D:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe

O4 - Startup: GetSmart.lnk = C:\Program Files\GetSmart\GetSmart.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{7739462B-6B0A-48A4-91CF-3274BDE16426}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{7739462B-6B0A-48A4-91CF-3274BDE16426}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - D:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: SymantecAntiBotAgent - Symantec - D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe

O23 - Service: SymantecAntiBotWatcher - Symantec - D:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

–

End of file - 8125 bytes

Patryk94 · 25 Wrzesień 2008 11:55

D:\Program Files\ESET\ESET Smart Security\ekrn.exe

Niestety to jest proces Twojego antywirusa. Po drugie wklejaj logi na http://wklej.org/ a na forum zamieszczaj tylko linka.

Pozdrawiam

huber2t · 25 Wrzesień 2008 12:02

Podaj log z Combofix

djzon · 25 Wrzesień 2008 12:46

Log z COMBOFIX:

http://wklej.org/id/6472/

huber2t · 25 Wrzesień 2008 13:02

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!