Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

vytizeni procesoru >50% (2 jadra) - siszyd32 ?

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
igo3go
Návštěvník
Návštěvník
Příspěvky: 2
Registrován: 04 led 2010 19:58

vytizeni procesoru >50% (2 jadra) - siszyd32 ?

#1 Příspěvek od igo3go »

Dobry den,

problem: vytizeni procesoru na 50% a vice i kdyz neni spustena zadna aplikace. Pri analyze process explorerem zjisteno ze zatizeni 50% je svchost procesem, zajistujici v tomto pripade beh wmiprvse. Take chvilemi tuhne klavesnice a mys z touchpadu. V safe modu vytizeni ok.

Zatim jsem resil: na stroji jsem jakymsi antimalware nasel siszyd32 - jako ochrana je naisntalovan Symantec - nic nenasel, nechal jsem tedy prohlednout ESET online scanerem, ktery siszyd32 nasel a odstranil. Po restartu ok. Nasledne spusten Kaspersky virus removal, ktery odstranil jeste jeden malware. MBAM pak nasel dalsi potencialni verbes. Prosel jsem zdejsi fora, a radeji zatim dale nic nemazal. Nize prikladam logy z MBAM a RSIT. Muzete mi prosim poradit s dalsim postupem? Predem moc diky.

Malwarebytes' Anti-Malware 1.43
Verze databáze: 3489
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4.1.2010 9:03:57
mbam-log-2010-01-04 (09-03-54).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 276281
Uplynulý čas: 47 minute(s), 26 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\drivers\ewadgpdt.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\cberoui\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.

/////////////////////////


Logfile of random's system information tool 1.06 (written by random/random)
Run by cberoui at 2010-01-04 21:12:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (24%) free of 76 GB
Total RAM: 2047 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:58, on 4.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRAM FILES\ALTIRIS\NSCLIENT\AeXNSAgent.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\PROGRA~1\ALTIRIS\CARBON~1\client.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\PROGRAM FILES\ALTIRIS\NSCLIENT\AeXAgentUIHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\notes\NLNOTES.EXE
C:\Program Files\notes\ntaskldr.EXE
C:\Documents and Settings\cberoui\My Documents\Stažené soubory\ProcessExplorer\procexp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\cberoui\My Documents\Stažené soubory\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\cberoui.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.eu.jci.com:8080/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\PROGRAM FILES\ALTIRIS\NSCLIENT\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] "C:\WINDOWS\system32\AccelerometerSt.Exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [JCI_XP_SP3] "C:\JCITEMP-JCI_XP_SP3\JCI_XP_SP3.exe" push (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: setup_9.0.0.722_03.01.2010_11-11.lnk = C:\Documents and Settings\cberoui\Desktop\Virus Removal Tool\setup_9.0.0.722_03.01.2010_11-11\startup.exe
O4 - Global Startup: BlackBerry Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://my-remote.eu.johnsoncontrols.co ... otes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2509870584
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - http://eroom.johnsoncontrols.com/eRoomSetup/client.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2509844708
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
O16 - DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} (Crystal Print Control 10.0) - http://c-700s664.cg.eu.jci.com/crystalr ... ontrol.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://jci.webex.com/client/T26L/training/ieatgpc.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisepo.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cg.eu.jci.com
O17 - HKLM\Software\..\Telephony: DomainName = cg.eu.jci.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cg.eu.jci.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cg.eu.jci.com
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\PROGRAM FILES\ALTIRIS\NSCLIENT\AeXNSAgent.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - Unknown owner - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - WorldCom - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13502 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-05-07 159744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"AeXAgentLogon"=C:\PROGRAM FILES\ALTIRIS\NSCLIENT\AeXAgentActivate.exe [2008-05-12 143360]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe [2006-01-16 53248]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-02-23 115560]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-04 3037696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlackBerry Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\cberoui\Start Menu\Programs\Startup
setup_9.0.0.722_03.01.2010_11-11.lnk - C:\Documents and Settings\cberoui\Desktop\Virus Removal Tool\setup_9.0.0.722_03.01.2010_11-11\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-07-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\ieframe.dll [2009-10-29 6067200]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HideClock"=
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f4975a6-cca2-11de-8cdc-001de0bdbc6b}]
shell\AutoRun\command - E:\TrueCrypt\TrueCrypt.exe
shell\dismount\command - E:\TrueCrypt\TrueCrypt.exe /q /d
shell\start\command - E:\TrueCrypt\TrueCrypt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdf2422-1f8a-11dd-8c33-001de0bdbc6b}]
shell\AutoRun\command - E:\Autorun.exe /run
shell\Shell00\command - E:\Autorun.exe /run
shell\Shell01\command - E:\Autorun.exe /action
shell\Shell02\command - E:\Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2010-01-04 21:12:52 ----D---- C:\rsit
2010-01-04 00:08:42 ----D---- C:\Program Files\Crawler
2010-01-04 00:08:40 ----D---- C:\Documents and Settings\cberoui\Application Data\Spyware Terminator
2010-01-04 00:08:36 ----D---- C:\Program Files\Spyware Terminator
2010-01-04 00:08:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-01-03 23:59:04 ----D---- C:\Documents and Settings\cberoui\Application Data\Malwarebytes
2010-01-03 23:58:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-03 23:58:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-03 23:41:06 ----D---- C:\Program Files\CCleaner
2010-01-03 21:41:37 ----D---- C:\Program Files\Trend Micro
2010-01-03 20:36:49 ----D---- C:\Program Files\Windows Installer Clean Up
2010-01-03 20:36:39 ----D---- C:\Program Files\MSECACHE
2010-01-03 18:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-03 18:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-03 18:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-03 18:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-03 18:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-03 18:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-03 18:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-03 18:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-03 17:20:49 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-01-03 15:06:36 ----D---- C:\Documents and Settings\cberoui\Application Data\Help
2010-01-03 13:38:40 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 11:44:30 ----A---- C:\WINDOWS\wininit.ini
2010-01-03 11:35:05 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2010-01-03 11:35:00 ----D---- C:\Program Files\Security Task Manager
2010-01-03 10:12:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-14 17:45:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-13 22:58:09 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-12 19:38:50 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 months======

2010-01-04 20:45:19 ----SHD---- C:\WINDOWS\system32\drivers
2010-01-04 17:52:19 ----SHD---- C:\WINDOWS\Temp
2010-01-04 15:52:55 ----ASD---- C:\WINDOWS\Prefetch
2010-01-04 15:31:10 ----D---- C:\WINDOWS\security
2010-01-04 08:12:47 ----SHD---- C:\WINDOWS\system32
2010-01-04 00:08:42 ----RD---- C:\Program Files
2010-01-03 23:53:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 23:44:10 ----D---- C:\WINDOWS\Debug
2010-01-03 23:44:10 ----D---- C:\WINDOWS
2010-01-03 23:44:09 ----D---- C:\WINDOWS\Minidump
2010-01-03 23:35:24 ----SHD---- C:\System Volume Information
2010-01-03 23:35:24 ----D---- C:\WINDOWS\system32\Restore
2010-01-03 22:56:45 ----D---- C:\JCITemp
2010-01-03 22:40:29 ----HD---- C:\WINDOWS\inf
2010-01-03 22:01:51 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-03 20:36:49 ----SHD---- C:\WINDOWS\Installer
2010-01-03 20:26:36 ----D---- C:\Program Files\SimpleCenter
2010-01-03 20:24:52 ----D---- C:\Program Files\Net Profiles
2010-01-03 18:56:14 ----SD---- C:\WINDOWS\Tasks
2010-01-03 18:55:10 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-01-03 18:54:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-03 18:34:55 ----D---- C:\WINDOWS\AppPatch
2010-01-03 18:34:55 ----D---- C:\Program Files\Internet Explorer
2010-01-03 18:07:59 ----D---- C:\WINDOWS\system32\en-us
2010-01-03 18:07:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-03 18:06:41 ----D---- C:\WINDOWS\WinSxS
2010-01-03 17:30:44 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-03 11:55:29 ----A---- C:\WINDOWS\wincmd.ini
2010-01-03 10:13:09 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-03 10:12:46 ----D---- C:\WINDOWS\Help
2010-01-03 10:11:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-30 15:54:03 ----A---- C:\WINDOWS\SARATOGA.INI
2009-12-30 15:53:52 ----D---- C:\Sps
2009-12-23 11:32:58 ----A---- C:\WINDOWS\LEXICON.INI
2009-12-22 13:32:39 ----D---- C:\Program Files\notes
2009-12-14 17:45:33 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 61234151;61234151; C:\WINDOWS\system32\DRIVERS\61234151.sys [2009-09-25 128016]
R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2007-05-29 9216]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver; C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 setup_9.0.0.722_03.01.2010_11-11drv;setup_9.0.0.722_03.01.2010_11-11drv; C:\WINDOWS\system32\DRIVERS\6123415.sys [2009-10-09 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-02-23 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-02-23 43824]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-07 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-01-10 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-09 288768]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-03 539512]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-04-03 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-03 879624]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-04-03 55352]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-04-03 74688]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2002-08-26 138916]
R3 DwMirror;DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 2944]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-03-09 250776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-04-23 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-05-07 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-05-07 210816]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091231.114\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091231.114\NAVEX15.SYS []
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-05-04 2206976]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-05-07 731136]
R4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-09-20 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-09-20 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-09-20 38784]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-04-03 156392]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\cberoui\LOCALS~1\Temp\esihdrv.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
S3 mod7700;WinFast based TV tuner device; C:\WINDOWS\system32\DRIVERS\mod7700.sys [2007-10-03 553344]
S3 MODRC;WinFast TV Dongle With Infrared Receiver; C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-07-11 13824]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-02-23 319792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-09-28 109056]
R2 AeXNSClient;Altiris Agent; C:\PROGRAM FILES\ALTIRIS\NSCLIENT\AeXNSAgent.exe [2008-05-12 1523712]
R2 AMBroker;Access Manager Configuration Service; C:\Program Files\AccessManager\Client\AMBroker.exe [2004-03-04 81920]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-03 561152]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-03-31 264800]
R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2007-05-29 49152]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-02-23 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-02-23 108392]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2003-07-18 1422528]
R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2007-09-11 224256]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SMISRDB;MSSQL$SMISRDB; C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe [2005-05-03 9150464]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2009-02-23 1799496]
R2 SP Software Installer;SP Software Installer; C:\Program Files\AccessManager\PMAC\sp_SWIns.exe [2004-04-22 118784]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-04 488960]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2009-02-23 2440120]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 DAPlugin;Visual Insight DA Plugin; C:\Program Files\AccessManager\Client\DAPlugin.exe [2004-03-04 81920]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2009-02-23 320840]
S3 sp_spi_da;Visual Insight Dial Analysis; C:\Program Files\AccessManager\SMOC\spi_da.exe [2003-04-17 81920]
S3 SQLAgent$SMISRDB;SQLAgent$SMISRDB; C:\Program Files\Microsoft SQL Server\MSSQL$SMISRDB\binn\sqlagent.exe [2005-05-03 323584]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13400
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: vytizeni procesoru >50% (2 jadra) - siszyd32 ?

#2 Příspěvek od Roli »

Zdravím, to co Mbam našel nech smazat.

Tohle fixni v HJT :

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [JCI_XP_SP3] "C:\JCITEMP-JCI_XP_SP3\JCI_XP_SP3.exe" push (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: setup_9.0.0.722_03.01.2010_11-11.lnk = C:\Documents and Settings\cberoui\Desktop\Virus Removal Tool\setup_9.0.0.722_03.01.2010_11-11\startup.exe

HJT najdeš zde :

C:\Program Files\Trend Micro\HijackThis\cberoui

Fix znamená že spustíš HJT Obrázek

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

položka Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

položka Registry - tady vyčistíš registry; před použitím doporučuji udělat jejich zálohu, kterou Ccleaner nabízí,

čištění registru je třeba několikrát zopakovat !


Stáhni a ulož na plochu ComboFix,

spusť aplikaci pod účtem s administrátorským oprávněním a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah vlož sem.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
igo3go
Návštěvník
Návštěvník
Příspěvky: 2
Registrován: 04 led 2010 19:58

Re: vytizeni procesoru >50% (2 jadra) - siszyd32 ?

#3 Příspěvek od igo3go »

Ahoj,

diky za rychlou reakci http://www.viry.cz/forum/posting.php?mo ... 241a9f6d67#, provedl jsem dle pokynu, pouze av symantec rezident zustal spusten - nesel vypnout ani pod admin prihlasenim. Zde log z CF:

ComboFix 10-01-04.01 - cberoui 05.01.2010 10:36:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.2047.1407 [GMT 1:00]
Spuštěný z: c:\documents and settings\cberoui\My Documents\Stažené soubory\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\Databaz.mdb
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\cberoui\Application Data\avdrn.dat
c:\recycler\S-1-5-21-696948501-917954946-3306144595-500
c:\windows\system32\drivers\ewadgpdt.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ewadgpdt
-------\Service_ewadgpdt


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 20:12 . 2010-01-04 20:13 -------- d-----w- C:\rsit
2010-01-03 23:08 . 2010-01-03 23:08 -------- d-----w- c:\program files\Crawler
2010-01-03 23:08 . 2010-01-03 23:18 -------- d-----w- c:\documents and settings\cberoui\Application Data\Spyware Terminator
2010-01-03 23:08 . 2010-01-03 23:08 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-01-03 23:08 . 2010-01-03 23:08 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-01-03 23:08 . 2010-01-03 23:08 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-03 23:08 . 2010-01-04 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-03 23:08 . 2010-01-03 23:18 -------- d-----w- c:\program files\Spyware Terminator
2010-01-03 22:59 . 2010-01-03 22:59 -------- d-----w- c:\documents and settings\cberoui\Application Data\Malwarebytes
2010-01-03 22:59 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 22:58 . 2010-01-03 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-03 22:58 . 2010-01-03 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-03 22:58 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 22:41 . 2010-01-03 22:41 -------- d-----w- c:\program files\CCleaner
2010-01-03 21:40 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\61234152.sys
2010-01-03 21:40 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\6123415.sys
2010-01-03 21:40 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\61234151.sys
2010-01-03 20:41 . 2010-01-03 20:41 -------- d-----w- c:\program files\Trend Micro
2010-01-03 19:36 . 2010-01-03 19:36 3584 ----a-r- c:\documents and settings\cberoui\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-01-03 19:36 . 2010-01-03 19:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-03 19:36 . 2010-01-03 19:36 -------- d-----w- c:\program files\MSECACHE
2010-01-03 19:16 . 2010-01-03 19:16 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6E8A266FCD4F2A1409E1C8110F44DBCE.dll
2010-01-03 19:16 . 2010-01-03 19:16 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0CB8AE65157339B4CBD96615CC635EAA.dll
2010-01-03 16:20 . 2010-01-03 16:30 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-03 14:06 . 2010-01-03 14:06 -------- d-----w- c:\documents and settings\cberoui\Local Settings\Application Data\Help
2009-12-13 21:58 . 2009-12-13 21:59 -------- d-----w- c:\windows\system32\NtmsData
2009-12-12 18:38 . 2009-12-12 18:38 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 09:47 . 2008-10-10 11:48 256 ----a-w- c:\windows\system32\pool.bin
2010-01-03 19:26 . 2008-05-08 16:05 -------- d-----w- c:\program files\SimpleCenter
2010-01-03 19:24 . 2009-09-20 12:06 -------- d-----w- c:\program files\Net Profiles
2010-01-03 19:19 . 2010-01-03 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-01-03 15:16 . 2008-11-17 08:21 256 ----a-w- c:\documents and settings\cberoui\pool.bin
2010-01-03 14:06 . 2010-01-03 10:35 -------- d-----w- c:\program files\Security Task Manager
2009-12-27 09:44 . 2009-12-27 09:44 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-22 12:32 . 2007-07-30 12:19 -------- d-----w- c:\program files\notes
2009-12-02 14:25 . 2009-10-30 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-21 16:36 . 2004-08-04 14:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 19:57 . 2009-11-17 19:57 -------- d-----w- c:\documents and settings\cberoui\Application Data\WinBatch
2009-11-17 17:58 . 2009-11-17 17:47 -------- d-----w- c:\documents and settings\cberoui\Application Data\SmartDraw
2009-11-03 17:48 . 2007-07-30 12:06 69536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:46 . 2007-04-18 14:31 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 14:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 14:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00 . 2004-08-04 14:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 14:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2006-03-17 02:33 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-04 14:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-04 14:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 14:00 112128 ----a-w- c:\windows\system32\rastls.dll
2007-09-20 02:45 . 2008-11-16 21:07 90112 ----a-r- c:\program files\axesstel.dll
2007-09-20 02:45 . 2008-11-16 21:07 118784 ----a-r- c:\program files\MSP_Uninstall.exe
2005-11-15 13:32 . 2005-11-15 13:32 3638 ----a-r- c:\program files\Common Files\Altiris_Icon.ico
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-03 3037696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"AeXAgentLogon"="c:\program files\ALTIRIS\NSCLIENT\AeXAgentActivate.exe" [2008-05-12 143360]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2006-01-16 53248]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-23 115560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlackBerry Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2008-4-28 1459392]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-5 805392]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-5-2 233744]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-9-5 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 61234152;61234152 Boot Guard Driver;c:\windows\system32\drivers\61234152.sys [3.1.2010 22:40 37392]
R1 61234151;61234151;c:\windows\system32\drivers\61234151.sys [3.1.2010 22:40 128016]
R1 CCDevice;CCDevice;c:\windows\system32\drivers\CCDevice.sys [29.5.2007 17:55 9216]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15.2.2007 19:00 26624]
R1 setup_9.0.0.722_03.01.2010_11-11drv;setup_9.0.0.722_03.01.2010_11-11drv;c:\windows\system32\drivers\6123415.sys [3.1.2010 22:40 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.1.2010 0:08 142592]
R2 AMBroker;Access Manager Configuration Service;c:\program files\AccessManager\Client\AMBroker.exe [4.3.2004 13:57 81920]
R2 MSSQL$SMISRDB;MSSQL$SMISRDB;c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sSMISRDB --> c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sSMISRDB [?]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7.2.2007 19:00 2944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1.9.2009 22:30 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.1.2007 20:13 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [20.12.2006 2:08 47616]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [16.11.2008 22:07 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [16.11.2008 22:07 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [16.11.2008 22:07 38784]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [22.7.2008 11:49 23888]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\AccessManager\Client\DAPlugin.exe [4.3.2004 13:58 81920]
S3 esihdrv;esihdrv;\??\c:\docume~1\cberoui\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\cberoui\LOCALS~1\Temp\esihdrv.sys [?]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.7.2007 1:24 35072]
S3 MODRC;WinFast TV Dongle With Infrared Receiver;c:\windows\system32\drivers\modrc.sys [10.2.2009 16:56 13824]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\AccessManager\SMOC\spi_da.exe [17.4.2003 8:59 81920]
S3 SQLAgent$SMISRDB;SQLAgent$SMISRDB;c:\program files\Microsoft SQL Server\MSSQL$SMISRDB\binn\sqlagent.exe -i SMISRDB --> c:\program files\Microsoft SQL Server\MSSQL$SMISRDB\binn\sqlagent.exe -i SMISRDB [?]
.
Obsah adresáře 'Naplánované úlohy'

2008-12-21 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: wise-corporate-ebanking.com\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxp://eroom.johnsoncontrols.com/eRoomSetup/client.cab
DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} - hxxp://c-700s664.cg.eu.jci.com/crystalreportviewers10/ActiveXControls/PrintControl.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr_pub/hlib/bin/cryptsignx.cab
FF - ProfilePath - c:\documents and settings\cberoui\Application Data\Mozilla\Firefox\Profiles\1q295tc4.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.type - 0c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Symantec Antvirus
AddRemove-{C92C584E-C781-475E-A8E2-C67D993A6B95} - c:\program files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\setup.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1404)
c:\windows\system32\amgina.dll
c:\windows\system32\amginar.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4896)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\ALTIRIS\NSCLIENT\AeXNSAgent.exe
c:\windows\system32\ccsrvc.exe
c:\program files\Altiris\Carbon Copy\shellker.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SYSTEM32\DWRCS.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe
c:\program files\AccessManager\PMAC\sp_SWIns.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\SYSTEM32\DWRCST.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\progra~1\ALTIRIS\CARBON~1\client.exe
c:\program files\ALTIRIS\NSCLIENT\AeXAgentUIHost.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 10:50:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 09:50

Před spuštěním: 20 431 921 152 bytes free
Po spuštění: 20 506 656 768 bytes free

- - End Of File - - 688609D58A498DF283AF9B4DE9F080FA
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13400
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: vytizeni procesoru >50% (2 jadra) - siszyd32 ?

#4 Příspěvek od Roli »

Něco smazáno zbytek v pořádku, nyní přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak dej vědět jestli je ještě problém s PC.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“