Problem z iexplore.exe, 100% wykorzystania procesora! HELP

malylegia · 23 Listopad 2007 16:51

Witam,

od pewnego czasu mam problem z procesesm “iexplore.exe”. Komputer niedawno miał robioną instalację systemu. Po starcie windowsa komputer strasznie zamula! W task menager, w zakładce wydajnośc zużycie procesora wynosi 100%. Spojrzałem więc w procesach i proces “iexplore.exe” zabiera 99% procesora! Gdy zabije ten proces wszystko wraca do normy i komp śmiga jak należy…

Proszę o pomoc w tej sprawie.

Poniżej wklejam loga z hijackThis,SilentRunners i ComboFix.

Z góry dziękuje za pomoc!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:31, on 2007-11-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\SpybotSearchDestroy\TeaTimer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 82.146.60.44 http://www.postbank.de O1 - Hosts: 82.146.60.44 postbank.de O1 - Hosts: 82.146.60.44 direkt.postbank.de O1 - Hosts: 82.146.60.44 http://www.smile.co.uk O1 - Hosts: 82.146.60.44 smile.co.uk O1 - Hosts: 82.146.60.44 cahoot.com O1 - Hosts: 82.146.60.44 http://www.cahoot.com O1 - Hosts: 82.146.60.44 http://www.cahoot.co.uk O1 - Hosts: 82.146.60.44 cahoot.co.uk O1 - Hosts: 82.146.60.44 http://www.co-operativebank.co.uk O1 - Hosts: 82.146.60.44 co-operativebank.co.uk O1 - Hosts: 82.146.60.44 http://www.co-operativebank.com O1 - Hosts: 82.146.60.44 co-operativebank.com O1 - Hosts: 82.146.60.44 personal.barclays.co.uk O1 - Hosts: 82.146.60.44 barclays.co.uk O1 - Hosts: 82.146.60.44 http://www.barclays.co.uk O1 - Hosts: 82.146.60.44 barclays.touchclarity.com O1 - Hosts: 82.146.60.44 hsbc.co.uk O1 - Hosts: 82.146.60.44 http://www.hsbc.co.uk O1 - Hosts: 82.146.60.44 hsbc.touchclarity.com O1 - Hosts: 82.146.60.44 www1.member-hsbc-group.com O1 - Hosts: 82.146.60.44 lloydstsb.co.uk O1 - Hosts: 82.146.60.44 http://www.lloydstsb.co.uk O1 - Hosts: 82.146.60.44 lloydstsb.com O1 - Hosts: 82.146.60.44 http://www.lloydstsb.com O1 - Hosts: 82.146.60.44 mi.lloydstsb.com O1 - Hosts: 82.146.60.44 http://www.woolwich.co.uk O1 - Hosts: 82.146.60.44 woolwich.co.uk O1 - Hosts: 82.146.60.44 http://www.deutsche-bank.de O1 - Hosts: 82.146.60.44 deutsche-bank.de O1 - Hosts: 82.146.60.44 http://www.anbusiness.com O1 - Hosts: 82.146.60.44 anbusiness.com O1 - Hosts: 82.146.60.44 http://www.abbeyinternational.com O1 - Hosts: 82.146.60.44 http://www.barclays.com O1 - Hosts: 82.146.60.44 barclays.com O1 - Hosts: 82.146.60.44 ibank.internationalbanking.barclays.com O1 - Hosts: 82.146.60.44 offshore.hsbc.com O1 - Hosts: 82.146.60.44 http://www.lloydstsb-offshore.com O1 - Hosts: 82.146.60.44 lloydstsb-offshore.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SpybotSearchDestroy\SDHelper.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [spybotSD TeaTimer] C:\SpybotSearchDestroy\TeaTimer.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SpybotSearchDestroy\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SpybotSearchDestroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – End of file - 5706 bytes

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “SpybotSD TeaTimer” = “C:\SpybotSearchDestroy\TeaTimer.exe” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = “Spybot-S&D IE Protection” \InProcServer32(Default) = “C:\SpybotSearchDestroy\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]| [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

ComboFix 07-11-19.3 - Popielarz 2007-11-23 18:05:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.200 [GMT 1:00] Running from: C:\Documents and Settings\Popielarz\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))) . 2007-11-23 17:45 2007-11-23 16:35 2007-11-23 16:34 2007-11-23 16:34 2007-11-23 16:34 2007-11-23 16:34 2007-11-23 16:34 2007-11-23 16:34 2007-11-23 16:34 2007-11-23 14:25 2007-11-23 14:25 2007-11-23 14:23 2007-11-23 14:21 2,855,080 --a------ C:\aawsepersonal(dobreprogramy.pl).exe 2007-11-23 14:20 7,467,056 --a------ C:\spybotsd15.exe 2007-11-23 14:10 2007-11-22 21:31 221,611 --a------ C:\WINDOWS\system32\UGapcsHo.exe 2007-11-22 21:30 69,632 --a------ C:\WINDOWS\system32\gate.exe 2007-11-22 21:29 71,595 --a------ C:\WINDOWS\system32\QrJsvJsx.exe 2007-11-22 20:38 8 --a------ C:\WINDOWS\system32\1.htm 2007-11-22 18:21 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-11-22 17:27 2007-11-22 15:23 2007-11-22 15:21 2007-11-22 15:14 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-11-22 14:49 129,254 --a------ C:\WINDOWS\system32\TZLog.log 2007-11-22 14:27 97,280 --a------ C:\WINDOWS\system32\dpcdll.dll.wga 2007-11-22 14:27 29,338 --a------ C:\WINDOWS\system32\EULA.TXT.wga 2007-11-22 14:27 24,064 --a------ C:\WINDOWS\system32\pidgen.dll.wga 2007-11-22 14:27 13,588 --a------ C:\WINDOWS\system32\wpa.bak 2007-11-22 13:50 2007-11-22 13:44 2007-11-22 13:44 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-22 13:34 2007-11-22 13:33 2007-11-22 13:33 2007-11-22 13:33 2007-11-22 13:33 2007-11-22 13:30 2007-11-22 13:29 2007-11-22 13:28 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-11-22 13:28 389,120 --a------ C:\WINDOWS\system32\lameACM.acm 2007-11-22 13:28 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-11-22 13:28 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-11-22 13:28 164,352 --a------ C:\WINDOWS\system32\unrar.dll 2007-11-22 13:28 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm 2007-11-22 13:28 414 --a------ C:\WINDOWS\system32\lame_acm.xml 2007-11-22 13:27 2007-11-22 13:27 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-11-22 13:27 739,840 --a------ C:\WINDOWS\system32\divx.dll 2007-11-22 13:27 81,920 --a------ C:\WINDOWS\system32\dpl100.dll 2007-11-22 13:27 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-22 13:27 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2007-11-22 13:25 2007-11-22 13:23 2007-11-22 13:23 2007-11-22 13:17 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-11-22 13:14 2007-11-22 13:14 2007-11-22 13:07 2007-11-22 13:02 2007-11-22 12:58 2007-11-22 12:51 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa 2007-11-22 12:51 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-11-22 12:51 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll 2007-11-22 12:51 133,246 -ra------ C:\WINDOWS\system32\atiicdxx.dat 2007-11-22 12:51 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp 2007-11-22 12:51 31,696 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp 2007-11-22 12:51 6,126 -ra------ C:\WINDOWS\system32\atifglpf.xml 2007-11-22 12:51 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp 2007-11-22 12:50 2007-11-22 12:34 2007-11-22 12:34 2007-11-22 12:34 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-11-22 12:34 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-22 12:34 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-22 12:24 2007-11-22 12:23 2007-11-22 12:23 2007-11-22 11:59 2007-11-22 11:59 2007-11-22 11:58 2007-11-22 11:54 2007-11-22 11:54 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-11-22 11:54 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-11-22 11:54 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-11-22 11:54 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2007-11-22 11:54 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-11-22 11:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-11-22 11:54 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-11-22 11:54 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-11-22 11:54 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-11-22 11:54 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-11-22 11:54 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-11-22 11:49 2007-11-22 11:49 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2007-11-22 11:49 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2007-11-22 11:47 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-11-22 11:47 142,464 --a–c— C:\WINDOWS\system32\dllcache\aec.sys 2007-11-22 11:47 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax 2007-11-22 11:47 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-22 10:45 315,392 ----a-w C:\WINDOWS\HideWin.exe 2007-11-22 10:37 14,656 ----a-w C:\WINDOWS\gdrv.sys 2007-11-22 00:22 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-22 00:19 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “SpybotSD TeaTimer”=“C:\SpybotSearchDestroy\TeaTimer.exe” [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-05-10 11:12] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2005-10-28 16:25 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Network Services Controller] C:\WINDOWS\system32\mmsvc32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spools Service Controller] C:\WINDOWS\system32\spools.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2007-10-10 06:28 36352 --a------ C:\Program Files\Winamp\winampa.exe S3 gdrv;gdrv;??\C:\WINDOWS\gdrv.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{636bb9f8-991f-11dc-a7d5-001a4d83227d}] \Shell\AutoRun\command - G:\ \Shell\open\Command - G:.\autorun.exe explore *Newly Created Service* - CATCHME *Newly Created Service* - HTTPFILTER . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 18:06:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … C:\WINDOWS\erdnt scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2007-11-23 18:07:29 . — E O F —

dashmen · 23 Listopad 2007 22:56

O1 - Hosts: 82.146.60.44 http://www.postbank.de O1 - Hosts: 82.146.60.44 postbank.de O1 - Hosts: 82.146.60.44 direkt.postbank.de O1 - Hosts: 82.146.60.44 http://www.smile.co.uk O1 - Hosts: 82.146.60.44 smile.co.uk O1 - Hosts: 82.146.60.44 cahoot.com O1 - Hosts: 82.146.60.44 http://www.cahoot.com O1 - Hosts: 82.146.60.44 http://www.cahoot.co.uk O1 - Hosts: 82.146.60.44 cahoot.co.uk O1 - Hosts: 82.146.60.44 http://www.co-operativebank.co.uk O1 - Hosts: 82.146.60.44 co-operativebank.co.uk O1 - Hosts: 82.146.60.44 http://www.co-operativebank.com O1 - Hosts: 82.146.60.44 co-operativebank.com O1 - Hosts: 82.146.60.44 personal.barclays.co.uk O1 - Hosts: 82.146.60.44 barclays.co.uk O1 - Hosts: 82.146.60.44 http://www.barclays.co.uk O1 - Hosts: 82.146.60.44 barclays.touchclarity.com O1 - Hosts: 82.146.60.44 hsbc.co.uk O1 - Hosts: 82.146.60.44 http://www.hsbc.co.uk O1 - Hosts: 82.146.60.44 hsbc.touchclarity.com O1 - Hosts: 82.146.60.44 www1.member-hsbc-group.com O1 - Hosts: 82.146.60.44 lloydstsb.co.uk O1 - Hosts: 82.146.60.44 http://www.lloydstsb.co.uk O1 - Hosts: 82.146.60.44 lloydstsb.com O1 - Hosts: 82.146.60.44 http://www.lloydstsb.com O1 - Hosts: 82.146.60.44 mi.lloydstsb.com O1 - Hosts: 82.146.60.44 http://www.woolwich.co.uk O1 - Hosts: 82.146.60.44 woolwich.co.uk O1 - Hosts: 82.146.60.44 http://www.deutsche-bank.de O1 - Hosts: 82.146.60.44 deutsche-bank.de O1 - Hosts: 82.146.60.44 http://www.anbusiness.com O1 - Hosts: 82.146.60.44 anbusiness.com O1 - Hosts: 82.146.60.44 http://www.abbeyinternational.com O1 - Hosts: 82.146.60.44 http://www.barclays.com O1 - Hosts: 82.146.60.44 barclays.com O1 - Hosts: 82.146.60.44 ibank.internationalbanking.barclays.com O1 - Hosts: 82.146.60.44 offshore.hsbc.com O1 - Hosts: 82.146.60.44 http://www.lloydstsb-offshore.com O1 - Hosts: 82.146.60.44 lloydstsb-offshore.com

usuń w HJT

Gutek · 23 Listopad 2007 23:43

dashmen aa Combo kto sprawdzi?

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo