Obciążający Internet explorer procesor na 100%

Dla specjalistów Bezpieczeństwo
#1

Mój laptop ma cały czas obciążenie procesora bardzo wysokie. W momencie uruchomienia internet exploratora osiąga 100% i przez dłuższy czas się taki utrzymuje. Poniżej przesyłam log i proszę o pomoc.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:29:18, on 2008-09-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DAP\DAP.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM…\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM…\Run: [HP Software Update] “c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

O4 - HKLM…\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM…\Run: [AdaptecDirectCD] “C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe”

O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM…\Run: [CARPService] carpserv.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP

O4 - HKLM…\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM…\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM…\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

End of file - 9575 bytes

#2

Usuń te wpisy w HJT

Uruchom HijackThis - Do a system scan only - w oknie programu pokaże się log - zaznacz kratki przy podanych wpisach - klikasz Fix checked

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Usuń ręcznie folder C:\Qoobox , usuń instalkę Combofix z dysku.

#3

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

#4

Wykonałem wszystko zgodie z instrukcją, niestety nadal bez zmian. Po uruchomieniu internetu procesor obciążony na 100% i na długo taki stan się utrzymuje. Po jakimś czasie obciążenie maleje, ale cały czas sie zmienia.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:43:03, on 2008-09-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\DAP\DAP.EXE

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM…\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM…\Run: [HP Software Update] “c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

O4 - HKLM…\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM…\Run: [AdaptecDirectCD] “C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe”

O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM…\Run: [CARPService] carpserv.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM…\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP

O4 - HKLM…\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM…\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM…\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

End of file - 9000 bytes

#5

Ten log jest nam nie potrzebny daj log z usuwania z comobfix

fix w hijackthis

#6

ComboFix 08-09-05.08 - a 2008-09-08 21:55:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.446 [GMT 2:00]

Running from: C:\Documents and Settings\a\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\a\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\AskSBar

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL

C:\Program Files\AskSBar\bar\Cache\0003C8E4

C:\Program Files\AskSBar\bar\Cache\009A8B37.bin

C:\Program Files\AskSBar\bar\Cache\009A8F20.bin

C:\Program Files\AskSBar\bar\Cache\009A962B.bin

C:\Program Files\AskSBar\bar\Cache\files.ini

C:\Program Files\AskSBar\bar\History\search2

C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

.

((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))

.

2008-09-07 21:28 . 2008-09-07 21:28

2008-09-05 22:01 . 2008-09-06 21:00

2008-09-05 20:26 . 2008-05-01 16:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-30 22:51 . 2008-08-30 22:52

2008-08-28 11:24 . 2008-08-28 11:26

2008-08-16 08:58 . 2008-08-16 08:58

2008-08-16 08:58 . 2008-08-16 08:58

2008-08-13 20:22 . 2008-08-13 21:08

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-08 19:43 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-07 22:46 --------- d-----w C:\Documents and Settings\a\Application Data\Skype

2008-09-07 19:08 --------- d-----w C:\Documents and Settings\a\Application Data\skypePM

2008-09-05 21:05 --------- d-----w C:\Program Files\IrfanView

2008-08-15 15:13 --------- d-----w C:\Program Files\AidemMedia

2008-07-28 15:28 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-28 15:28 --------- d-----w C:\Program Files\Ubisoft

2008-07-26 21:00 --------- d-----w C:\Program Files\SkanerOnline

2008-07-26 20:36 --------- d-----w C:\Program Files\Spybot - Search Destroy

2008-07-12 18:52 --------- d-----w C:\Documents and Settings\a\Application Data\MSN6

2008-07-08 20:37 --------- d-----w C:\Program Files\Common Files\snp2std

2008-07-08 20:36 --------- d-----w C:\Documents and Settings\a\Application Data\InstallShield

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

2008-07-06 14:26 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

1999-05-17 09:58 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL

1998-12-08 22:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL

1998-12-08 22:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL

1998-12-08 22:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL

1998-12-08 22:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL

1998-12-08 22:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 1694208]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-07-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Broadcom Wireless Manager UI”=“C:\WINDOWS\system32\WLTRAY” [X]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2002-08-15 290816]

“Display Settings”=“C:\Program Files\HPQ\Notebook Utilities\hptasks.exe” [2002-08-15 45056]

“QT4HPOT”=“C:\Program Files\HPQ\One-Touch\OneTouch.EXE” [2003-03-13 106496]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2003-05-22 110592]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2003-05-23 610304]

“HPHUPD05”=“c:\Program Files\Hewlett-Packard{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe” [2003-05-23 49152]

“HP Software Update”=“c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [2002-12-17 49152]

“HPHmon05”=“C:\WINDOWS\System32\hphmon05.exe” [2003-05-23 483328]

“AdaptecDirectCD”=“C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe” [2003-03-26 684032]

“Cpqset”=“C:\Program Files\HPQ\Default Settings\cpqset.exe” [2003-10-06 196670]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 155648]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-22 155648]

“DownloadAccelerator”=“C:\Program Files\DAP\DAP.EXE” [2008-07-06 3057152]

“FixCamera”=“C:\WINDOWS\FixCamera.exe” [2007-07-11 20480]

“tsnp2std”=“C:\WINDOWS\tsnp2std.exe” [2007-05-12 270336]

“snp2std”=“C:\WINDOWS\vsnp2std.exe” [2007-09-28 344064]

“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-02-12 262401]

“ATIModeChange”=“Ati2mdxx.exe” [2002-08-16 C:\WINDOWS\system32\Ati2mdxx.exe]

“CARPService”=“carpserv.exe” [2003-05-21 C:\WINDOWS\system32\carpserv.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-04 113664]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE [1999-05-17 46080]

Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2008-04-19 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.xvid”= xvid.dll

“msacm.l3codecp”= l3codecp.acm

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\SopCast\adv\SopAdver.exe”=

“C:\Program Files\SopCast\SopCast.exe”=

“C:\Program Files\wLite\wLite.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 43904]

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-12 156800]

R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-12 5248]

R0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [2003-07-17 89216]

R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 455680]

R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2003-07-10 26112]

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 291328]

R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 244608]

R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 17142]

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-07-17 28280]

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]

S4 Citiskuadi;Citiskuadi;C:\WINDOWS\System32\drivers\tdpipe.sys [2004-08-04 12040]

.

Contents of the ‘Scheduled Tasks’ folder

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-08 22:02:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???4?7?7?8??? ???B???B? ???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-08 22:06:48

ComboFix-quarantined-files.txt 2008-09-08 20:06:35

ComboFix2.txt 2008-07-28 16:10:33

Pre-Run: 483,000,320 bytes free

Post-Run: 568,352,768 bajtów wolnych

159 — E O F — 2008-09-07 22:48:33

#7

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!