Computer performance problem


(Marcin Korkus) #1

Hello,

For some time now my computer has had a performance problem. Everything takes a long time to open. I suspect that something has slipped into my computer.

I scanned the computer with HijackThis and noticed this entry:

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

I wanted to discuss this with you. Should I remove it? The full log is below:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:22:11, on 2011-07-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

E:\INSTALLED_PROGRAMS\APACHE\bin\httpd.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

E:\INSTALLED_PROGRAMS\APACHE\bin\httpd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

D:\Pobieranie\HiJackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\INSTALLED_PROGRAMS\OFFICE\Office12\GrooveShellExtensions.dll

O2 - BHO: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [GrooveMonitor] "E:\INSTALLED_PROGRAMS\OFFICE\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] E:\INSTALLED_PROGRAMS\Winamp\winampa.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\INSTALLED_PROGRAMS\DAEMON\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [IVONA Reader] "C:\Program Files\IVONA\IVONA Reader\IVONA Reader.exe.exe" -t -nosplash

O4 - HKCU\..\Run: [IROElauncher] C:\Program Files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe

O4 - HKCU\..\Run: [IVONA ControlCenter] "C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" --action=run-silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-484763869-1770027372-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'marcin')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = E:\INSTALLED_PROGRAMS\APACHE\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://E:\INSTAL~1\OFFICE\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\INSTAL~1\OFFICE\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\INSTAL~1\OFFICE\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\INSTAL~1\OFFICE\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\INSTALLED_PROGRAMS\OFFICE\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apache2.2 - Apache Software Foundation - E:\INSTALLED_PROGRAMS\APACHE\bin\httpd.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


--

End of file - 8789 bytes

(Szymon606) #2

problem-wmiadap-exe-t134893.html Read this. Maybe you will find the answer to your problem.


(Marcin Korkus) #3

Unfortunately, the Windows Management Instrumentation service is not to blame.

The symptoms are as follows:

  • Windows starts up slowly,

  • working is uncomfortable because of high CPU usage (this is visible, for example, in the mouse cursor, which "stutters").

Nothing shows up in Task Manager; this process hides itself very well. Something is using more than 50% of the CPU, while judging by the processes it should be about 10%.

I scanned the computer with:

  • Avast Internet Security with the option to scan before Windows starts,

  • Windows Defender,

  • Spybot Search & Destroy,

  • Hitman Pro 3.5.

Current HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:09:47, on 2011-07-15

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

E:\INSTALLED_PROGRAMS\WindowsDefender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

E:\INSTALLED_PROGRAMS\Winamp\winampa.exe

E:\INSTALLED_PROGRAMS\DAEMON\DTLite.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe

C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe

E:\INSTALLED_PROGRAMS\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

E:\INSTALLED_PROGRAMS\APACHE\bin\ApacheMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

E:\INSTALLED_PROGRAMS\APACHE\bin\httpd.exe

C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

E:\INSTALLED_PROGRAMS\APACHE\bin\httpd.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

E:\INSTALLED_PROGRAMS\FIREFOX5\firefox.exe

C:\WINDOWS\system32\mmc.exe

E:\INSTALLED_PROGRAMS\ProcessScanner\ProcessScanner.exe

D:\Pobieranie\HiJackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\INSTAL~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\INSTALLED_PROGRAMS\OFFICE\Office12\GrooveShellExtensions.dll

O2 - BHO: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] E:\INSTALLED_PROGRAMS\Winamp\winampa.exe

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\INSTALLED_PROGRAMS\DAEMON\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [IROElauncher] C:\Program Files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe

O4 - HKCU\..\Run: [IVONA ControlCenter] "C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" --action=run-silent

O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\INSTALLED_PROGRAMS\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Monitor Apache Servers.lnk = E:\INSTALLED_PROGRAMS\APACHE\bin\ApacheMonitor.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://E:\INSTAL~1\OFFICE\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\INSTAL~1\OFFICE\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\INSTAL~1\OFFICE\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\INSTAL~1\OFFICE\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\INSTAL~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\INSTAL~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\INSTALLED_PROGRAMS\OFFICE\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apache2.2 - Apache Software Foundation - E:\INSTALLED_PROGRAMS\APACHE\bin\httpd.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


--

End of file - 9112 bytes

ComboFix logs:

ComboFix 11-07-15.01 - root 2011-07-15 17:17:45.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.2038.1235 [GMT 2:00]

Uruchomiony z: d:\pobieranie\ComboFix.exe

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-06-15 do 2011-07-15 )))))))))))))))))))))))))))))))

.

.

2011-07-15 15:03 . 2011-07-15 15:06	--------	d-----w-	C:\32788R22FWJFW

2011-06-22 00:07 . 2011-07-14 17:39	--------	d-----r-	C:\Program Files

2011-06-22 00:05 . 2011-07-13 18:19	--------	d-----w-	C:\Documents and Settings

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 14:02 . 2004-08-04 12:00	1858944	----a-w-	c:\windows\system32\win32k.sys

2011-04-29 17:25 . 2004-08-04 12:00	151552	----a-w-	c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-08-04 12:00	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-08-04 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll

2011-04-26 11:07 . 2004-08-04 12:00	293376	----a-w-	c:\windows\system32\winsrv.dll

2011-04-25 16:11 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 12:00	105472	----a-w-	c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="e:\installed_programs\DAEMON\DTLite.exe" [2011-01-20 1305408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]

"IROElauncher"="c:\program files\IVONA\IVONA Reader\integr\OutlookExpress\IROElauncher.exe" [2008-09-24 86016]

"IVONA ControlCenter"="c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2011-04-06 1659768]

"SpybotSD TeaTimer"="e:\installed_programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 53248]

"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"WinampAgent"="e:\installed_programs\Winamp\winampa.exe" [2011-03-22 74752]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-07-14 6599488]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

Monitor Apache Servers.lnk - e:\installed_programs\APACHE\bin\ApacheMonitor.exe [2011-5-20 41051]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44	31072	----a-w-	e:\installed_programs\OFFICE\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"odserv"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\INSTALLED_PROGRAMS\\OFFICE\\Office12\\OUTLOOK.EXE"=

"e:\\INSTALLED_PROGRAMS\\OFFICE\\Office12\\GROOVE.EXE"=

"e:\\INSTALLED_PROGRAMS\\OFFICE\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-06-22 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-06-22 194264]

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2011-06-22 40496]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-06-22 103384]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-06-22 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-06-22 309848]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-06-22 218688]

R2 Apache2.2;Apache2.2;e:\installed_programs\APACHE\bin\httpd.exe [2011-05-20 20549]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-06-22 19544]

R2 WinDefend;Windows Defender;e:\installed_programs\WindowsDefender\MsMpEng.exe [2006-11-03 13592]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-06-22 121000]

S4 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 136176]

S4 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 136176]

.

Zawartość folderu 'Zaplanowane zadania'

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 00:08]

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-22 00:08]

.

2011-07-15 c:\windows\Tasks\MP Scheduled Scan.job

- e:\installed_programs\WindowsDefender\MpCmdRun.exe [2006-11-03 17:20]

.

.

------- Skan uzupełniający -------

.

IE: E&ksportuj do programu Microsoft Excel - e:\instal~1\OFFICE\Office12\EXCEL.EXE/3000

IE: Wyślij do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\root\Application Data\Mozilla\Firefox\Profiles\mi9samko.default\

.

- - - - USUNIĘTO PUSTE WPISY - - - -

.

HKCU-Run-IVONA Reader - c:\program files\IVONA\IVONA Reader\IVONA Reader.exe.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-15 17:31

Windows 5.1.2600 Service Pack 3 NTFS

.

skanowanie ukrytych procesów ...  

.

skanowanie ukrytych wpisów autostartu ... 

.

skanowanie ukrytych plików ...  

.

.

C:\## aswSnx private storage

.

skanowanie pomyślnie ukończone

ukryte pliki: 1

.

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

.

- - - - - - - > 'explorer.exe'(2772)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Czas ukończenia: 2011-07-15 17:37:18

ComboFix-quarantined-files.txt 2011-07-15 15:37

.

Przed: 12 898 566 144 bytes free

Po: 12 975 083 520 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7EF088E596FF5FE5CBB6B48D38C847E6

Does any of you see anything suspicious here?

-- Added 15.07.2011 (Fri) 22:44 --

I also installed Process Hacker and I see that CPU resources (approximately 30%) are being used by the Interrupts process.

Oddly, all of this coincided with browsing XXX sites.

But the programs for detecting suspicious software find nothing.

-- Added 16.07.2011 (Sat) 21:36 --

In case anyone has a similar problem, I fixed it using the Windows installation disc.

That is, we boot Windows from it, just as if we wanted to install the system.

Then we choose the option to repair the existing Windows installation.

And now it is no longer sluggish.