Prosze o pomoc - log

IP: *.neoplus.adsl.tpnet.pl 07.02.07, 23:21
Program windows worms doors cleaner, napisał mi mi, że mam zainfekowany
komputer. Też mi się to wydaje prawdopodobne, bo przy 30 procesach użycie
procesora mam 100%.
Logfile of HijackThis v1.99.1
Scan saved at 23:19:04, on 2007-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Beniamin\tguard.exe
E:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jarecki\Pulpit\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-
fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} -
C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} -
C:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program
Files\MP3 Player Utilities 3.76\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file -
C:\Program Files\MP3 Player Utilities 3.76\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
game05.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty
Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

    • Gość: Kolobos Re: Prosze o pomoc - log IP: *.escom.net.pl 07.02.07, 23:44
      > użycie procesora mam 100%.

      Wiec moze napisz jaki proces obciaza procesor.

      Przeskanuj system przy pomocy ewido.

      W hjt usun:
      R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-
      fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll <- katalog Multi_Media usun z dysku.
      O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} -
      C:\Program Files\Multi_Media\tbMult.dll
      O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} -
      C:\Program Files\Multi_Media\tbMult.dll
      • Gość: ;-( Re: Prosze o pomoc - log IP: *.neoplus.adsl.tpnet.pl 07.02.07, 23:55
        explorer.exe 29960K
        svchost.exe 29324K
        Acrord32.exe 24212K
        • Gość: Kolobos Re: Prosze o pomoc - log IP: *.escom.net.pl 08.02.07, 01:13
          Nie pyalem o wykorzystanie ramu tylko procesora.
Pełna wersja