Hi, can anyone advise me on what to do about this? We have been working on it for some time at forum.zive.cz.
So I'm posting the link so you can see everything we have done. Can you advise me how to proceed? Thank you.
http://forum.zive.cz/viewtopic.php?f=92 ... 56bf6086c3

SVCHOST is using 100% CPU
Re: SVCHOST is using 100% CPU
So here it is
ComboFix 10-01-04.01 - Administrator 11.01.2010 12:48:12.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.172 [GMT 1:00]
Spuštěný z: c:\dokumenty\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-11 06:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 06:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 06:49 . 2010-01-11 06:50 -------- d-----w- c:\programy\Malwarebytes' Anti-Malware
2010-01-11 06:44 . 2010-01-11 06:44 -------- d-----w- C:\_OTM
2010-01-04 08:34 . 2010-01-04 08:34 -------- d-sh--w- c:\dokumenty\Administrator\IECompatCache
2010-01-04 08:12 . 2010-01-04 08:12 -------- d-----w- c:\programy\ESET
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\winbox
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\putty
2010-01-04 07:57 . 2010-01-04 07:57 -------- d-----w- c:\programy\MSECache
2010-01-04 07:54 . 2010-01-04 07:54 -------- d-----w- c:\programy\Common Files\Adobe
2010-01-04 07:52 . 2010-01-04 07:52 -------- d-----w- c:\programy\7-Zip
2010-01-04 07:51 . 2007-10-15 10:16 196608 ----a-w- c:\windows\system32\bzpdf101.dll
2010-01-04 07:51 . 2005-09-08 00:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\STORMWARE
2010-01-04 07:51 . 2005-09-08 00:03 1330888 ----a-w- c:\windows\system32\msxml6.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\GPLGS
2009-12-24 10:56 . 2009-12-24 10:56 -------- d-sh--w- c:\dokumenty\Administrator\PrivacIE
2009-12-24 10:52 . 2009-12-24 10:52 -------- d-sh--w- c:\dokumenty\Administrator\IETldCache
2009-12-24 10:38 . 2009-12-24 10:38 -------- d-----w- c:\windows\ie8updates
2009-12-24 10:06 . 2009-12-24 10:34 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:06 . 2009-12-24 10:19 -------- d-----w- c:\windows\system32\cs-CZ
2009-12-24 09:37 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-24 09:37 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 09:37 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-24 09:36 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-24 09:36 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 09:36 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-24 09:35 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 22:36 . 2009-12-20 22:36 -------- d-----w- c:\programy\iPod
2009-12-20 22:34 . 2009-12-20 22:39 -------- d-----w- c:\programy\iTunes
2009-12-20 22:27 . 2009-12-20 22:27 -------- d-----w- c:\programy\Bonjour
2009-12-20 22:16 . 2009-12-20 22:23 -------- d-----w- c:\programy\QuickTime
2009-12-20 21:50 . 2009-12-20 21:50 -------- d-----w- c:\programy\Apple Software Update
2009-12-20 19:53 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-20 19:53 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-20 19:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-20 19:53 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 15:41 . 2010-01-11 07:36 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 07:41 . 2002-09-23 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-01-11 07:41 . 2002-09-23 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-01-10 17:41 . 2009-09-07 12:14 -------- d-----w- c:\programy\Mozilla Thunderbird
2010-01-07 09:18 . 2007-12-18 20:42 -------- d-----w- c:\programy\Common Files\PCSuite
2010-01-07 08:42 . 2008-10-29 09:55 -------- d-----w- c:\programy\LimeWire
2010-01-07 08:30 . 2007-12-18 20:42 -------- d-----w- c:\programy\Nokia
2010-01-07 08:20 . 2007-04-19 19:15 -------- d-----w- c:\programy\BearShare Applications
2010-01-04 08:10 . 2008-10-29 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 08:01 . 2010-01-04 08:01 -------- d-----w- c:\programy\kodeky
2010-01-04 07:49 . 2007-04-14 13:00 -------- d-----w- c:\programy\primopdf
2010-01-04 07:47 . 2007-04-14 12:58 -------- d-----w- c:\programy\DivX
2009-12-20 22:35 . 2007-12-18 23:05 -------- d-----w- c:\programy\Common Files\Apple
2009-12-11 18:00 . 2010-01-04 08:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:43 . 2006-12-16 16:55 916480 ------w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2006-12-16 . A0A035949444D2984A63B08E05EF5EE1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-07_11.28.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-23 11:00 . 2010-01-07 09:01 40326 c:\windows\system32\perfc009.dat
+ 2002-09-23 11:00 . 2010-01-11 07:41 40326 c:\windows\system32\perfc009.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 07:35 . 2010-01-11 07:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-17 15:41 . 2010-01-11 07:35 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-11 07:35 . 2010-01-11 07:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2002-09-23 11:00 . 2010-01-11 07:41 311938 c:\windows\system32\perfh009.dat
- 2002-09-23 11:00 . 2010-01-07 09:01 311938 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programy\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programy\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"LManager"="c:\programy\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"NSLauncher"="c:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programy\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"egui"="c:\programy\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\
siszyd32.exe [2004-8-17 31744]
c:\dokumenty\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\programy\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\programy\\LimeWire\\LimeWire.exe"=
"c:\\programy\\ICQ6.5\\ICQ.exe"=
"c:\\programy\\ORmanager\\ORmanager.exe"=
"c:\\programy\\Bonjour\\mDNSResponder.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1ca0983e64f85dc;Služba Google Update (gupdate1ca0983e64f85dc);c:\programy\Google\Update\GoogleUpdate.exe [20.7.2009 22:49 133104]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programy\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumenty\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0epiv8ua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\programy\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programy\kodeky\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programy\kodeky\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 12:54
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1770027372-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-01-11 12:58:55
ComboFix-quarantined-files.txt 2010-01-11 11:58
ComboFix2.txt 2010-01-07 11:36
Před spuštěním: Volných bajtů: 82 698 883 072
Po spuštění: Volných bajtů: 82 667 192 320
- - End Of File - - 9F3063027DBCF1370333BC2076A164F1
Re: SVCHOST is using 100% CPU
So everything looks OK
Thank you very much indeed
Here is the log from Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\siszyd32.exe" replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.
And from ComboFix
ComboFix 10-01-04.01 - Administrator 11.01.2010 13:12:16.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.198 [GMT 1:00]
Spuštěný z: c:\dokumenty\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-11 06:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 06:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 06:49 . 2010-01-11 06:50 -------- d-----w- c:\programy\Malwarebytes' Anti-Malware
2010-01-11 06:44 . 2010-01-11 06:44 -------- d-----w- C:\_OTM
2010-01-04 08:34 . 2010-01-04 08:34 -------- d-sh--w- c:\dokumenty\Administrator\IECompatCache
2010-01-04 08:12 . 2010-01-04 08:12 -------- d-----w- c:\programy\ESET
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\winbox
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\putty
2010-01-04 07:57 . 2010-01-04 07:57 -------- d-----w- c:\programy\MSECache
2010-01-04 07:54 . 2010-01-04 07:54 -------- d-----w- c:\programy\Common Files\Adobe
2010-01-04 07:52 . 2010-01-04 07:52 -------- d-----w- c:\programy\7-Zip
2010-01-04 07:51 . 2007-10-15 10:16 196608 ----a-w- c:\windows\system32\bzpdf101.dll
2010-01-04 07:51 . 2005-09-08 00:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\STORMWARE
2010-01-04 07:51 . 2005-09-08 00:03 1330888 ----a-w- c:\windows\system32\msxml6.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\GPLGS
2009-12-24 10:56 . 2009-12-24 10:56 -------- d-sh--w- c:\dokumenty\Administrator\PrivacIE
2009-12-24 10:52 . 2009-12-24 10:52 -------- d-sh--w- c:\dokumenty\Administrator\IETldCache
2009-12-24 10:38 . 2009-12-24 10:38 -------- d-----w- c:\windows\ie8updates
2009-12-24 10:06 . 2009-12-24 10:34 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:06 . 2009-12-24 10:19 -------- d-----w- c:\windows\system32\cs-CZ
2009-12-24 09:37 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-24 09:37 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 09:37 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-24 09:36 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-24 09:36 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 09:36 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-24 09:35 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 22:36 . 2009-12-20 22:36 -------- d-----w- c:\programy\iPod
2009-12-20 22:34 . 2009-12-20 22:39 -------- d-----w- c:\programy\iTunes
2009-12-20 22:27 . 2009-12-20 22:27 -------- d-----w- c:\programy\Bonjour
2009-12-20 22:16 . 2009-12-20 22:23 -------- d-----w- c:\programy\QuickTime
2009-12-20 21:50 . 2009-12-20 21:50 -------- d-----w- c:\programy\Apple Software Update
2009-12-20 19:53 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-20 19:53 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-20 19:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-20 19:53 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 15:41 . 2010-01-11 07:36 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 12:13 . 2002-09-23 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-01-11 12:13 . 2002-09-23 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 17:41 . 2009-09-07 12:14 -------- d-----w- c:\programy\Mozilla Thunderbird
2010-01-07 09:18 . 2007-12-18 20:42 -------- d-----w- c:\programy\Common Files\PCSuite
2010-01-07 08:42 . 2008-10-29 09:55 -------- d-----w- c:\programy\LimeWire
2010-01-07 08:30 . 2007-12-18 20:42 -------- d-----w- c:\programy\Nokia
2010-01-07 08:20 . 2007-04-19 19:15 -------- d-----w- c:\programy\BearShare Applications
2010-01-04 08:10 . 2008-10-29 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 08:01 . 2010-01-04 08:01 -------- d-----w- c:\programy\kodeky
2010-01-04 07:49 . 2007-04-14 13:00 -------- d-----w- c:\programy\primopdf
Here is the log from Avenger
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\siszyd32.exe" replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.
And from ComboFix
ComboFix 10-01-04.01 - Administrator 11.01.2010 13:12:16.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.198 [GMT 1:00]
Spuštěný z: c:\dokumenty\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-11 do 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-11 06:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 06:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 06:49 . 2010-01-11 06:50 -------- d-----w- c:\programy\Malwarebytes' Anti-Malware
2010-01-11 06:44 . 2010-01-11 06:44 -------- d-----w- C:\_OTM
2010-01-04 08:34 . 2010-01-04 08:34 -------- d-sh--w- c:\dokumenty\Administrator\IECompatCache
2010-01-04 08:12 . 2010-01-04 08:12 -------- d-----w- c:\programy\ESET
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\winbox
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\putty
2010-01-04 07:57 . 2010-01-04 07:57 -------- d-----w- c:\programy\MSECache
2010-01-04 07:54 . 2010-01-04 07:54 -------- d-----w- c:\programy\Common Files\Adobe
2010-01-04 07:52 . 2010-01-04 07:52 -------- d-----w- c:\programy\7-Zip
2010-01-04 07:51 . 2007-10-15 10:16 196608 ----a-w- c:\windows\system32\bzpdf101.dll
2010-01-04 07:51 . 2005-09-08 00:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\STORMWARE
2010-01-04 07:51 . 2005-09-08 00:03 1330888 ----a-w- c:\windows\system32\msxml6.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\GPLGS
2009-12-24 10:56 . 2009-12-24 10:56 -------- d-sh--w- c:\dokumenty\Administrator\PrivacIE
2009-12-24 10:52 . 2009-12-24 10:52 -------- d-sh--w- c:\dokumenty\Administrator\IETldCache
2009-12-24 10:38 . 2009-12-24 10:38 -------- d-----w- c:\windows\ie8updates
2009-12-24 10:06 . 2009-12-24 10:34 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:06 . 2009-12-24 10:19 -------- d-----w- c:\windows\system32\cs-CZ
2009-12-24 09:37 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-24 09:37 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 09:37 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-24 09:36 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-24 09:36 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 09:36 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-24 09:35 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 22:36 . 2009-12-20 22:36 -------- d-----w- c:\programy\iPod
2009-12-20 22:34 . 2009-12-20 22:39 -------- d-----w- c:\programy\iTunes
2009-12-20 22:27 . 2009-12-20 22:27 -------- d-----w- c:\programy\Bonjour
2009-12-20 22:16 . 2009-12-20 22:23 -------- d-----w- c:\programy\QuickTime
2009-12-20 21:50 . 2009-12-20 21:50 -------- d-----w- c:\programy\Apple Software Update
2009-12-20 19:53 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-20 19:53 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-20 19:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-20 19:53 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 15:41 . 2010-01-11 07:36 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 12:13 . 2002-09-23 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-01-11 12:13 . 2002-09-23 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-01-10 17:41 . 2009-09-07 12:14 -------- d-----w- c:\programy\Mozilla Thunderbird
2010-01-07 09:18 . 2007-12-18 20:42 -------- d-----w- c:\programy\Common Files\PCSuite
2010-01-07 08:42 . 2008-10-29 09:55 -------- d-----w- c:\programy\LimeWire
2010-01-07 08:30 . 2007-12-18 20:42 -------- d-----w- c:\programy\Nokia
2010-01-07 08:20 . 2007-04-19 19:15 -------- d-----w- c:\programy\BearShare Applications
2010-01-04 08:10 . 2008-10-29 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 08:01 . 2010-01-04 08:01 -------- d-----w- c:\programy\kodeky
2010-01-04 07:49 . 2007-04-14 13:00 -------- d-----w- c:\programy\primopdf
2010-01-04 07:47 . 2007-04-14 12:58 -------- d-----w- c:\programy\DivX
2009-12-20 22:35 . 2007-12-18 23:05 -------- d-----w- c:\programy\Common Files\Apple
2009-12-11 18:00 . 2010-01-04 08:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:43 . 2006-12-16 16:55 916480 ------w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2006-12-16 . A0A035949444D2984A63B08E05EF5EE1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-07_11.28.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-23 11:00 . 2010-01-07 09:01 40326 c:\windows\system32\perfc009.dat
+ 2002-09-23 11:00 . 2010-01-11 12:13 40326 c:\windows\system32\perfc009.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-11 07:35 . 2010-01-11 07:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-17 15:41 . 2010-01-11 07:35 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-17 15:41 . 2009-12-17 15:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2002-09-23 11:00 . 2010-01-11 12:13 311938 c:\windows\system32\perfh009.dat
- 2002-09-23 11:00 . 2010-01-07 09:01 311938 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programy\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programy\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"LManager"="c:\programy\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"NSLauncher"="c:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programy\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"egui"="c:\programy\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\dokumenty\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2010-1-11 0]
c:\dokumenty\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\programy\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\programy\\LimeWire\\LimeWire.exe"=
"c:\\programy\\ICQ6.5\\ICQ.exe"=
"c:\\programy\\ORmanager\\ORmanager.exe"=
"c:\\programy\\Bonjour\\mDNSResponder.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1ca0983e64f85dc;Služba Google Update (gupdate1ca0983e64f85dc);c:\programy\Google\Update\GoogleUpdate.exe [20.7.2009 22:49 133104]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programy\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumenty\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0epiv8ua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 13:18
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1770027372-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-01-11 13:21:01
ComboFix-quarantined-files.txt 2010-01-11 12:20
ComboFix2.txt 2010-01-11 11:58
ComboFix3.txt 2010-01-07 11:36
Před spuštěním: Volných bajtů: 82 670 964 736
Po spuštění: Volných bajtů: 82 638 143 488
- - End Of File - - 60730AB34E84E93467C4EAB476E4722D
Re: SVCHOST is using 100% CPU
Here you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:01, on 11.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\programy\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\programy\LAUNCH~1\LManager.exe
C:\programy\iTunes\iTunesHelper.exe
C:\programy\Java\jre6\bin\jusched.exe
C:\programy\ESET\ESET NOD32 Antivirus\egui.exe
C:\programy\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\programy\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\programy\Bonjour\mDNSResponder.exe
C:\programy\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\programy\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\programy\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\programy\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\programy\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\programy\Mozilla Firefox\firefox.exe
C:\dokumenty\Administrator\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\programy\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\programy\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\programy\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\programy\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\programy\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\programy\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\programy\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NSLauncher] C:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\programy\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\programy\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\programy\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\programy\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\programy\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6635954640
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\programy\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\programy\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\programy\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\programy\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\programy\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca0983e64f85dc) (gupdate1ca0983e64f85dc) - Google Inc. - C:\programy\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\programy\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6532 bytes

Attachments:
- backup.zip (19.22 KiB), downloaded 85 times