x-kom hosting

CPU load 100% / csrss.exe

NighT ProwleR
created

Hi, I know this topic has been raised many times, but I haven't found any solution that helped me... In the Device Manager it shows me CPU usage at 95% - 100%, and among the processes csrss.exe is the heaviest load... HijackThis shows me something like this:

LOG CUT OUT BECAUSE IT WAS GARBLED :D // CatchMe

Any hint would be appreciated, thanks in advance :)

PS. I scanned the disk with NOD32 and BitDefender; they found a few infected files and removed them, but that didn't help...

I noticed that after an hour of using the computer everything goes back to normal, but after a restart it's the same all over again...

GoBi
comment

Paste the logs properly :) and besides the HijackThis one, give a log from ComboFix too.

NighT ProwleR
comment

Sorry, it got copied wrong :P

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:27:34, on 07-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1SoftwinBITDEF~1bdmcon.exe
C:Program FilesSoftwinBitDefender9bdnagent.exe
C:Program FilesSoftwinBitDefender9bdswitch.exe
C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
C:Program FilesBonjourmDNSResponder.exe
E:Program Files3D Max Studiomentalraysatelliteraysat_3dsmax8server.exe
c:usrMYSQLbinmysqld.exe
C:Program FilesEsetnod32krn.exe
C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe
C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe
C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe
C:Program FilesSoftwinBitDefender9vsserv.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSSystem32svchost.exe
C:totalcmdTOTALCMD.EXE
c:Program FilesHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = 
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,ntsvc32.dll,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:WINDOWSWebAssist.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O4 - HKLM..Run: [bDMCon] C:PROGRA~1SoftwinBITDEF~1bdmcon.exe
O4 - HKLM..Run: [bDNewsAgent] "C:PROGRA~1SoftwinBITDEF~1bdnagent.exe"
O4 - HKLM..Run: [bDSwitchAgent] "C:PROGRA~1SoftwinBITDEF~1bdswitch.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O20 - Winlogon Notify: botreg - C:Documents and SettingsAll UsersDokumentySettingsbot.dll
O20 - Winlogon Notify: partnershipreg - C:Documents and SettingsAll UsersDokumentySettingspartnership.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Scan Serverbdss.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Update Servicelivesrv.exe" /service (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - E:Program Files3D Max Studiomentalraysatelliteraysat_3dsmax8server.exe
O23 - Service: MySql - Unknown owner - c:usr/MYSQL/bin/mysqld.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:Program FilesSoftwinBitDefender9vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:Program FilesCommon FilesSoftwinBitDefender Communicatorxcommsvr.exe" /service (file missing)

ComboFix:

ComboFix 07-08-14.4 - "root2" 2007-08-17 23:25:54.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.35 [GMT 2:00]
* Created a new restore point
	/wow section - STAGE 8
	/wow section - STAGE 31

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:DOCUME~1AdminDANEAP~1install.dat
C:DOCUME~1root2DANEAP~1install.dat
C:WINDOWSb122.exe
C:WINDOWSsystem32dllh8jkd1q8.exe
C:WINDOWSsystem32paoOFVhn.exe
C:WINDOWSTasks.At1.job
C:WINDOWSTasks.At10.job
C:WINDOWSTasks.At11.job
C:WINDOWSTasks.At12.job
C:WINDOWSTasks.At13.job
C:WINDOWSTasks.At14.job
C:WINDOWSTasks.At15.job
C:WINDOWSTasks.At16.job
C:WINDOWSTasks.At17.job
C:WINDOWSTasks.At18.job
C:WINDOWSTasks.At19.job
C:WINDOWSTasks.At2.job
C:WINDOWSTasks.At20.job
C:WINDOWSTasks.At21.job

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

-------LEGACY_ASC3550U
-------LEGACY_QIT43
-------LEGACY_SYMAVC32

(((((((((((((((((((((((((   Files Created from 2007-07-17 to 2007-08-17  )))))))))))))))))))))))))))))))

2007-08-17 23:21	51,200	--a------	C:WINDOWSnircmd.exe
2007-08-17 21:49	<DIR>	d--------	C:DOCUME~1root2DANEAP~1Wings3D
2007-08-17 21:49	<DIR>	d--------	C:DOCUME~1root2DANEAP~1uTorrent
2007-08-17 21:49	<DIR>	d--------	C:DOCUME~1root2DANEAP~1Ulead Systems
2007-08-17 21:48	<DIR>	d--------	C:DOCUME~1root2DANEAP~1Talkback
2007-08-17 21:46	<DIR>	d--------	C:DOCUME~1root2DANEAP~1Hamachi
2007-08-17 21:46	<DIR>	d--------	C:DOCUME~1root2DANEAP~1GHISLER
2007-08-17 21:45	<DIR>	d--------	C:DOCUME~1root2DANEAP~1Corel
2007-08-17 21:45	<DIR>	d--------	C:DOCUME~1root2DANEAP~1AdobeUM
2007-08-17 18:46	<DIR>	d--------	C:DOCUME~1root2DANEAP~1Tlen.pl
2007-08-17 18:45	<DIR>	dr-h-----	C:DOCUME~1root2DANEAP~1Dane aplikacji
2007-08-17 17:25	<DIR>		C:Program Files1
2007-08-17 17:21	786,432	--ah-----	C:DOCUME~1root2NTUSER.DAT
2007-08-17 17:21	<DIR>	dr-h-----	C:DOCUME~1root2Dane aplikacji
2007-08-17 17:21	<DIR>	dr-------	C:DOCUME~1root2Ulubione
2007-08-17 17:21	<DIR>	dr-------	C:DOCUME~1root2Moje dokumenty
2007-08-17 17:21	<DIR>	dr-------	C:DOCUME~1root2Menu Start
2007-08-17 17:21	<DIR>	d--h-----	C:DOCUME~1root2Ustawienia lokalne
2007-08-17 17:21	<DIR>	d--h-----	C:DOCUME~1root2Szablony
2007-08-17 17:21	<DIR>	d--------	C:DOCUME~1root2Pulpit
2007-08-17 17:18	<DIR>	d---s----	C:DOCUME~1root2UserData
2007-08-17 17:18	<DIR>	d--------	C:DOCUME~1root2WINDOWS
2007-08-17 17:17	37,440	--a------	C:DOCUME~1root2DANEAP~1GDIPFONTCACHEV1.DAT
2007-08-17 17:17	<DIR>	d---s----	C:DOCUME~1root2Historia
2007-08-17 17:16	<DIR>		C:ROOT
2007-08-14 23:15	512,096	--a------	C:WINDOWSsystem32driversamon.sys
2007-08-14 23:15	298,104	--a------	C:WINDOWSsystem32imon.dll
2007-08-14 23:15	15,424	--a------	C:WINDOWSsystem32driversnod32drv.sys
2007-08-14 21:48	<DIR>	d--------	C:DOCUME~1ALLUSE~1DANEAP~1Google
2007-08-14 16:13	664	--a------	C:WINDOWSsystem32d3d9caps.dat
2007-08-14 13:44	<DIR>	d--h-----	C:WINDOWSPIF
2007-08-14 00:34	<DIR>	d--------	C:Program FilesKoolMoves Demo
2007-08-13 22:35	81,984	--a------	C:WINDOWSsystem32bdod.bin
2007-08-13 22:10	28	--a------	C:WINDOWSsystem32getfile.dat
2007-08-13 22:07	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1Ulead Systems
2007-08-13 22:04	806,912	--a------	C:WINDOWSsystem32xinstall.dll
2007-08-13 22:04	6,143	--a------	C:WINDOWSsystem32driversxinstall.sys
2007-08-13 22:04	<DIR>	d--------	C:DOCUME~1ALLUSE~1DANEAP~1Ulead Systems
2007-08-13 22:03	1,056,768	---------	C:WINDOWSsystem32ROBOEX32.DLL
2007-08-13 21:59	<DIR>	d--------	C:Program FilesCool 3D
2007-08-13 16:50	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1AdobeUM
2007-08-13 16:49	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1GHISLER
2007-08-13 16:44	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1Talkback
2007-08-13 16:43	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1Wings3D
2007-08-13 16:43	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1uTorrent
2007-08-13 16:43	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1Tlen.pl
2007-08-13 16:43	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1Hamachi
2007-08-13 16:43	<DIR>	d--------	C:DOCUME~1AdminDANEAP~1Corel
2007-08-13 16:39	<DIR>	d--------	C:Program FilesRepair Registry Pro
2007-08-13 16:35	1,572,864	--ah-----	C:DOCUME~1AdminNTUSER.DAT
2007-08-13 16:35	<DIR>	dr-h-----	C:DOCUME~1AdminDane aplikacji
2007-08-13 16:35	<DIR>	dr-------	C:DOCUME~1AdminUlubione
2007-08-13 16:35	<DIR>	dr-------	C:DOCUME~1AdminMoje dokumenty
2007-08-13 16:35	<DIR>	dr-------	C:DOCUME~1AdminMenu Start
2007-08-13 16:35	<DIR>	d--h-----	C:DOCUME~1AdminUstawienia lokalne
2007-08-13 16:35	<DIR>	d--h-----	C:DOCUME~1AdminSzablony
2007-08-13 16:35	<DIR>	d--------	C:DOCUME~1AdminPulpit
2007-08-13 16:21	<DIR>	d--------	C:WINDOWSCSC
2007-08-13 16:18	72,429	--a------	C:WINDOWSyjugrrtew.exe
2007-08-13 16:17	73,560	--a------	C:WINDOWSgyrdergr.exe
2007-08-13 16:03	173,056	--a------	C:WINDOWSsystem32driversQit43.sys
2007-08-13 15:58	173,056	--a------	C:WINDOWSsystem32driversLwpo72.sys
2007-08-13 15:58	17,408	--a------	C:WINDOWSsystem32ntsvc32.dll
2007-08-13 15:53	<DIR>	d--------	C:Program FilesInetGet2
2007-08-13 15:50	173,056	--a------	C:WINDOWSsystem32driverssymavc32.sys
2007-08-13 15:50	173,056	--a------	C:WINDOWSsystem32driversMpwv78.sys
2007-08-12 14:13	0	--a------	C:WINDOWSnsreg.dat
2007-08-12 00:23	<DIR>	d--------	C:WINDOWSsystem32LogFiles
2007-08-12 00:18	552	--a------	C:WINDOWSsystem32d3d8caps.dat
2007-08-08 22:17	<DIR>	d--------	C:Program FilesWinamp
2007-08-07 17:02	<DIR>	d--------	C:WINDOWSsystem32SoftwareDistribution
2007-08-06 16:11	<DIR>	d--------	C:Program FilesBig GUI
2007-08-06 15:27	<DIR>	d--h-----	C:Program FilesInstallShield Installation Information
2007-08-06 15:25	<DIR>	d--------	C:Program FilesCommon FilesCorel
2007-08-06 15:20	<DIR>	d--------	C:Program FilesCommon FilesInstallShield
2007-08-06 12:04	<DIR>	d--------	C:Tlen_pliki
2007-08-04 22:53	<DIR>	d--------	C:DOCUME~1AdminWINDOWS
2007-08-04 18:31	1,446,912	--a------	C:pqremove.com
2007-08-03 22:27	448,512	--a------	C:Stoper.exe
2007-08-03 22:24	325,200	--a------	C:Sysinfo.exe
2007-08-03 22:23	508,416	--a------	C:CpuSpeed.exe
2007-08-03 22:22	638,464	--a------	C:TLed.exe
2007-08-01 16:47	<DIR>	d--------	C:Program FilesQuickTime
2007-08-01 15:47	<DIR>	d--------	C:Program FilesMetapad
2007-08-01 15:34	<DIR>	d--------	C:usr
2007-07-31 23:04	999,064	--a------	C:HamachiSetup-1.0.2.1-pl.exe
2007-07-31 23:04	26,056	--a------	C:WINDOWSsystem32drivershamachi.sys
2007-07-31 23:04	<DIR>	d--------	C:Program FilesHamachi
2007-07-31 23:00	<DIR>	d---s----	C:DOCUME~1AdminUserData
2007-07-31 18:08	<DIR>	d--------	C:Max
2007-07-31 13:44	<DIR>	d--------	C:Program FilesTlen.pl
2007-07-31 13:37	<DIR>	d--------	C:DOCUME~1ALLUSE~1DANEAP~1FLEXnet
2007-07-31 13:27	<DIR>	d--------	C:Program FilesBonjour
2007-07-31 13:11	<DIR>	d--------	C:Program FilesCommon FilesMacrovision Shared
2007-07-30 20:06	5,248	--a------	C:WINDOWSsystem32driversd347prt.sys
2007-07-30 20:06	155,136	--a------	C:WINDOWSsystem32driversd347bus.sys
2007-07-30 20:06	<DIR>	d--------	C:Program FilesD-Tools
2007-07-30 20:05	<DIR>	d--------	C:WINDOWSDownloaded Installations
2007-07-30 19:16	327,168	--a------	C:WINDOWSIsUn0415.exe
2007-07-30 18:42	276	--a------	C:WINDOWSPowerReg.dat

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 19:50	73728	--a------	C:WINDOWSsystem32sockspy.dll
2007-08-17 18:46	77824	--a------	C:WINDOWSsystem32xcomm.dll
2007-08-17 17:25	---------	d--------	C:Program Files 1
2007-08-14 16:28	648	--a------	C:Program FilesINSTALL.LOG
2007-07-30 14:30	2426	--a------	C:WINDOWSpchealthhelpctrPackageStoreSkuStore.bin
2007-07-30 02:20	8972	--a------	C:WINDOWSpchealthhelpctrConfigCntstore.bin
	---------		C:Program FilesUsługi online
2004-08-03 23:44:20	50,690	--sh--r	C:WINDOWSsystem32atlwddrw.exe
2004-08-03 23:44:20	50,690	--sh--r	C:WINDOWSsystem32comrxbvk.exe
2004-08-03 23:44:20	90,652	--sh--r	C:WINDOWSsystem32dllbdujb.exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE~Browser Helper Objects{85589B5D-D53D-4237-A677-46B82EA275F3}]
			C:WINDOWSWebAssist.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"BDMCon"="C:PROGRA~1SoftwinBITDEF~1bdmcon.exe" [2007-08-17 18:46]
"BDNewsAgent"="C:PROGRA~1SoftwinBITDEF~1bdnagent.exe" [2005-06-09 10:28]
"BDSwitchAgent"="C:PROGRA~1SoftwinBITDEF~1bdswitch.exe" [2005-04-06 13:09]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Komunikator"="C:Program FilesTlen.pltlen.exe" [2007-02-12 12:01]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifybotreg]
C:Documents and SettingsAll UsersDokumentySettingsbot.dll 2007-08-17 11:06 14370 C:Documents and SettingsAll UsersDokumentySettingsbot.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifypartnershipreg]
C:Documents and SettingsAll UsersDokumentySettingspartnership.dll 2007-08-13 15:57 14249 C:Documents and SettingsAll UsersDokumentySettingspartnership.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"appinit_dlls"=sockspy.dll

R2 xinstall;xinstall;??C:WINDOWSsystem32driversxinstall.sys
R3 NtApm;Sterownik interfejsu NT Apm/Legacy;C:WINDOWSsystem32DRIVERSNtApm.sys
S2 FILESpy;FILESpy;??C:Program FilesSoftwinBitDefender9filespy.sys
S2 REGSpy;REGSpy;??C:Program FilesSoftwinBitDefender9regspy.sys

Contents of the 'Scheduled Tasks' folder
2007-08-17 19:00:00 C:WINDOWSTasksAt22.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-17 20:02:18 C:WINDOWSTasksAt23.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-16 21:02:01 C:WINDOWSTasksAt24.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-06 14:27:01 C:WINDOWSTasksAt3.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-06 14:27:01 C:WINDOWSTasksAt4.job 
2007-08-06 14:27:01 C:WINDOWSTasksAt5.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-06 14:27:01 C:WINDOWSTasksAt6.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-06 14:27:01 C:WINDOWSTasksAt7.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-06 14:27:01 C:WINDOWSTasksAt8.job - C:WINDOWSsystem32paoOFVhn.exe
2007-08-11 06:01:43 C:WINDOWSTasksAt9.job - C:WINDOWSsystem32paoOFVhn.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 23:40:21
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 23:50:33 - machine was rebooted
C:ComboFix-quarantined-files.txt ... 2007-08-17 23:50
--- E O F ---

CatchMe
comment

Let's do this thoroughly, because I can see a lot of junk may be left behind. So:

Examples of the junk:

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:WINDOWSWebAssist.dll (file missing)

O20 - Winlogon Notify: botreg - C:Documents and SettingsAll UsersDokumentySettingsbot.dll

O20 - Winlogon Notify: partnershipreg - C:Documents and SettingsAll UsersDokumentySettingspartnership.dll

2007-08-13 16:18 72,429 --a------ C:WINDOWSyjugrrtew.exe

2007-08-13 16:17 73,560 --a------ C:WINDOWSgyrdergr.exe

Block the ports with the WWDC and Seconfig XP programs.

Use: SDFix.

Scan the system with a large number of online scanners: http://stopwirusom.pl/index.php?option=com...3&Itemid=11

After these steps, paste fresh logs from ComboFix and HijackThis.
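The entries CatchMe picks out above share a few recognisable traits: a BHO whose DLL is gone, Winlogon Notify DLLs living outside system32, and a UserInit value with an extra module chained after userinit.exe. As an added illustration (example code written for this page, not part of the thread or of HijackThis), the script below encodes those three checks and runs them over a constructed sample modelled on the log in this thread; the path separators are re-inserted by hand because the forum stripped them.

```python
import re
from typing import List, Tuple

# Constructed sample modelled on the HijackThis entries quoted in this thread;
# backslashes re-inserted by hand, since the forum software stripped them.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ntsvc32.dll,
O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Dokumenty\Settings\bot.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll
"""

# Where a Winlogon Notify DLL normally lives on XP (compared case-insensitively).
SYSTEM_DIRS = (r"c:\windows\system32",)

def triage_line(line: str) -> Tuple[bool, str]:
    """Return (suspicious, reason) for one HijackThis entry."""
    line = line.strip()
    if line.startswith("O2 - BHO:") and "(file missing)" in line:
        return True, "BHO registered but its DLL is missing (orphaned / half-removed)"
    if line.startswith("O20 - Winlogon Notify:"):
        path = line.split(" - ", 2)[2].lower()      # text after the second ' - '
        if not path.startswith(SYSTEM_DIRS):
            return True, "Winlogon Notify DLL outside system32"
    m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)$", line)
    if m:
        # Anything besides userinit.exe in the comma list is an extra module chained in.
        extra = [p for p in m.group(1).split(",") if p and not p.lower().endswith("userinit.exe")]
        if extra:
            return True, "UserInit chains extra module(s): " + ", ".join(extra)
    return False, ""

def triage_log(text: str) -> List[Tuple[str, str]]:
    """Return [(entry, reason)] for every suspicious entry in a HijackThis log."""
    hits = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        suspicious, reason = triage_line(raw)
        if suspicious:
            hits.append((raw.strip(), reason))
    return hits

if __name__ == "__main__":
    for entry, reason in triage_log(SAMPLE_LOG):
        print(f"[!] {reason}\n    {entry}")
```

On the sample this flags exactly the WebAssist BHO, the UserInit line and both Winlogon Notify entries, and leaves the Acrobat BHO and the BitDefender Run entry alone.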
