Free Malware Removal Forum

[ami_hunter2710]

explorer.exe always take over 50% cpu, if I open task manager, it takes very high cpu, too. Please help me! Here is the hijackthis log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:05 PM, on 4/7/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IBMIASRW.EXE
C:\iFtpSvc\iFtpSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\iNtfySvc\intfysvc.exe
E:\MDaemon\APP\MDAEMON.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\serverappliance\srvcsurg.exe
C:\WINDOWS\System32\svchost.exe
E:\MDaemon\WebAdmin\WebAdmin.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\tomcat6\bin\tomcat6.exe
c:\windows\microsoft.net\framework\v2.0.50727\aspnet_wp.exe
E:\MDaemon\APP\CFEngine.exe
E:\MDaemon\WorldClient\WorldClient.exe
E:\MDaemon\SpamAssassin\MDSpamD.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\tomcat6\bin\tomcat6w.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://thitructuyen.com/Default.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 222.255.31.225 tourism-tv.org
O1 - Hosts: 222.255.31.225 tvonline.aivietnam.net
O1 - Hosts: 222.255.31.225 vietnhat.aivietnam.net
O1 - Hosts: 222.255.31.225 vijagroup.com.vn
O1 - Hosts: 222.255.31.225 www.vijagroup.com.vn
O1 - Hosts: 222.255.31.225 asiaherano.com.vn
O1 - Hosts: 222.255.31.225 thitructuyen.com
O1 - Hosts: 222.255.31.225 www.thitructuyen.com
O1 - Hosts: 222.255.31.225 hoctructuyen.aivietnam.net
O1 - Hosts: 222.255.31.225 mail.aivietnam.net
O1 - Hosts: 222.255.31.225 test.aivietnam.net
O1 - Hosts: 222.255.31.225 vieclam.aivietnam.net
O1 - Hosts: 222.255.31.225 forum.aivietnam.net
O1 - Hosts: 222.255.31.225 school.aivietnam.net
O1 - Hosts: 222.255.31.225 eschool.aivietnam.net
O1 - Hosts: 222.255.31.225 sourcecode.aivietnam.net
O1 - Hosts: 222.255.31.225 technet.aivietnam.net
O1 - Hosts: 222.255.31.225 cuocdoituoidep.aivietnam.net
O1 - Hosts: 222.255.31.225 voiceofvietnam.aivietnam.net
O1 - Hosts: 222.255.31.225 media.aivietnam.net
O1 - Hosts: 222.255.31.225 game.aivietnam.net
O1 - Hosts: 222.255.31.225 vov.aivietnam.net
O1 - Hosts: 222.255.31.225 vovschool.aivietnam.net
O1 - Hosts: 222.255.31.225 invite.aivietnam.net
O1 - Hosts: 222.255.31.225 storage01.aivietnam.net
O1 - Hosts: 222.255.31.225 storage02.aivietnam.net
O1 - Hosts: 222.255.31.225 webtv.aivietnam.net
O1 - Hosts: 222.255.31.225 music.aivietnam.net
O1 - Hosts: 222.255.31.225 www.tv4it.net
O1 - Hosts: 222.255.31.225 ict-vietnam.org
O1 - Hosts: 222.255.31.225 www.ict-vietnam.org
O1 - Hosts: 222.255.31.225 danlyhotel.com
O1 - Hosts: 222.255.31.225 www.danlyhotel.com
O1 - Hosts: 222.255.31.225 tahabay.aivietnam.net
O1 - Hosts: 222.255.31.225 hotelhuonggiang.com
O1 - Hosts: 222.255.31.225 www.hotelhuonggiang.com
O1 - Hosts: 222.255.31.225 traffic.aivietnam.net
O1 - Hosts: 222.255.31.225 etc.aivietnam.net
O1 - Hosts: 222.255.31.225 travelvietnam-etc.com
O1 - Hosts: 222.255.31.225 daukhi.aivietnam.net
O1 - Hosts: 222.255.31.225 ximanghuunghi.com.vn
O1 - Hosts: 222.255.31.225 sdh.aivietnam.net
O1 - Hosts: 222.255.31.225 tvonline.aivietnam.net
O1 - Hosts: 222.255.31.225 ccp.aivietnam.net
O1 - Hosts: 222.255.31.225 ptth.aivietnam.net
O1 - Hosts: 222.255.31.225 testhethong.aivietnam.net
O1 - Hosts: 222.255.31.225 beta.molisa.aivietnam.net
O1 - Hosts: 222.255.31.225 simexkorea.com
O1 - Hosts: 222.255.31.225 www.simexkorea.com
O1 - Hosts: 222.255.31.225 ict.aivietnam.net
O1 - Hosts: 222.255.31.225 icten.aivietnam.net
O1 - Hosts: 222.255.31.225 ictvietnam.vn
O1 - Hosts: 222.255.31.225 mti.aivietnam.net
O1 - Hosts: 222.255.31.225 csd.aivietnam.net
O1 - Hosts: 222.255.31.225 elearning.csd.aivietnam.net
O1 - Hosts: 222.255.31.225 storage01.csd.aivietnam.net
O1 - Hosts: 222.255.31.225 csd.aivietnam.net
O1 - Hosts: 222.255.31.225 toyotavn.aivietnam.net
O1 - Hosts: 222.255.31.225 toyotavn.local
O1 - Hosts: 222.255.31.225 nguyenvanhuyen.aivietnam.net
O1 - Hosts: 222.255.31.225 acc.aivietnam.net
O1 - Hosts: 222.255.31.225 hdcdgsnn.gov.vn
O1 - Hosts: 222.255.31.225 tid-vn.com.vn
O1 - Hosts: 222.255.31.225 www.tid-vn.com.vn
O1 - Hosts: 222.255.31.225 brosishotels.com.vn
O1 - Hosts: 222.255.31.225 www.brosishotels.com.vn
O1 - Hosts: 222.255.31.225 thienthaihotel.com.vn
O1 - Hosts: 222.255.31.225 www.thienthaihotel.com.vn
O1 - Hosts: 222.255.31.225 thienthaihotel.com
O1 - Hosts: 222.255.31.225 www.thienthaihotel.com
O1 - Hosts: 222.255.31.225 coolhotel.vn
O1 - Hosts: 222.255.31.225 www.coolhotel.vn
O1 - Hosts: 222.255.31.225 oceanhotel.vn
O1 - Hosts: 222.255.31.225 www.oceanhotel.vn
O1 - Hosts: 222.255.31.225 aivietnam.truongcongnghe.vn
O1 - Hosts: 222.255.31.225 dolphin.truongcongnghe.vn
O1 - Hosts: 222.255.31.225 ipcn.truongcongnghe.vn
O1 - Hosts: 222.255.31.225 ipcn.mpi.gov.vn
O1 - Hosts: 222.255.31.225 truongchuyensupham.edu.vn
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\tomcat6\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1670232476-2090688829-2480138412-1004\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O15 - ESC Trusted Zone: http://*.aivietnam.net
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.thitructuyen.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://10.0.0.2
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5284383375
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EA37A81-DB31-4C79-B6A6-1BAE91ABB932}: NameServer = 203.162.0.181
O17 - HKLM\System\CS1\Services\Tcpip\..\{7EA37A81-DB31-4C79-B6A6-1BAE91ABB932}: NameServer = 203.162.0.181
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
O23 - Service: Kaspersky Lab Administration Server (CSAdminServer) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe
O23 - Service: IBM Automatic Server Restart Service for IPMI (ibms6asr) - IBM Corporation - C:\WINDOWS\system32\IBMIASRW.EXE
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: Ipswitch Notification Server (inotifysvr) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iNtfySvc\intfysvc.exe
O23 - Service: Kaspersky Lab Network Agent (KLNagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe
O23 - Service: MDaemon - Alt-N Technologies, Ltd. - E:\MDaemon\APP\MDAEMON.EXE
O23 - Service: Red5 - Unknown owner - E:\web\tvonline\BNN\Service\Red5_1\wrapper\wrapper.exe (file missing)
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\tomcat6\bin\tomcat6.exe
O23 - Service: WebAdmin - Alt-N Technologies, Ltd. - E:\MDaemon\WebAdmin\WebAdmin.exe

--
End of file - 9941 bytes

[Dakeyras]

As this issue involves either a company owned machine or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal