It was infected, the internet wasn't working. The internet is running now.
So I'm asking you for help.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-18 17:41:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (17%) free of 117 GB
Total RAM: 959 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:41:41, on 18.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MP3 CD Extractor] "C:\Program Files\MP3 CD Extractor\CD-Extractor.exe" hmw
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: updpxe32.exe
O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: BSC Applet Security - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Applet Utilities - https://ra.internetbanka.cz/ra31/bin/ap ... .99.99.cab
O16 - DPF: BSC Business Objects - https://ra.internetbanka.cz/ra31/bin/bu ... .99.99.cab
O16 - DPF: BSC Java Components Library - https://ra.internetbanka.cz/ra31/bin/jc ... .99.99.cab
O16 - DPF: BSC Text Utilities - https://ra.internetbanka.cz/ra31/bin/te ... .99.99.cab
O16 - DPF: BSC Utilities - https://ra.internetbanka.cz/ra31/bin/ut ... .99.99.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Security - https://ra.internetbanka.cz/ra31/bin/IB ... .2.0.1.cab
O16 - DPF: GEMINI IBS 31 GECB Applet Utilities - https://ra.internetbanka.cz/ra31/bin/IB ... .0.1.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - https://ib.internetbanka.cz/ibs31/bin/I ... .3.0.0.cab
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - https://ib.internetbanka.cz/ibs31/bin/I ... .99.99.cab
O16 - DPF: IAIK Java Cryptography Extension - https://ra.internetbanka.cz/ra31/bin/IA ... .99.99.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7462 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"602PC SUITE PDF Saver"=C:\Program Files\Common Files\soft602\pdfSaver.exe [2005-08-31 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-17 90112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"=c:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]
"MP3 CD Extractor"=C:\Program Files\MP3 CD Extractor\CD-Extractor.exe [2007-03-14 437248]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
updpxe32.exe
WinMySQLadmin.lnk - C:\apache\mysql\bin\winmysqladmin.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveTypeAutoRun Save"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\wf.exe"="C:\Program Files\wf.exe:*:Enabled:wf"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Administrator\Plocha\hry\Martin\bulanci\bulanci.exe"="C:\Documents and Settings\Administrator\Plocha\hry\Martin\bulanci\bulanci.exe:*:Enabled:bulanci"
"C:\Documents and Settings\Administrator\Plocha\hry\Martin\hry\Boss_Army_Status_Sender.exe"="C:\Documents and Settings\Administrator\Plocha\hry\Martin\hry\Boss_Army_Status_Sender.exe:*:Enabled:Boss_Army_Status_Sender"
"C:\Program Files\Metin2\metin2client.bin"="C:\Program Files\Metin2\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-08-18 15:30:48 ----SHD---- C:\RECYCLER
2010-08-18 15:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-18 15:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-18 11:56:22 ----A---- C:\WINDOWS\system32\drivers\jhagtt.sys
2010-08-18 11:56:09 ----A---- C:\WINDOWS\system32\drivers\qvuovjrl.sys
2010-08-18 11:33:44 ----SHD---- C:\Config.Msi
2010-08-18 11:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-18 10:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-18 10:27:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-08-18 10:05:28 ----A---- C:\ComboFix.txt
2010-08-18 09:27:41 ----D---- C:\WINDOWS\temp
2010-08-18 09:05:22 ----A---- C:\Boot.bak
2010-08-18 09:05:11 ----RASHD---- C:\cmdcons
2010-08-18 08:56:42 ----D---- C:\WINDOWS\ERDNT
2010-08-18 08:40:13 ----D---- C:\Program Files\trend micro
2010-08-18 08:40:12 ----D---- C:\rsit
2010-08-17 18:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-17 18:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-17 18:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 12:15:54 ----ASH---- C:\pagefile.sys
2010-08-10 11:23:51 ----D---- C:\Program Files\Passware
2010-08-03 12:39:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
======List of files/folders modified in the last 1 months======
2010-08-18 17:41:20 ----D---- C:\WINDOWS\Prefetch
2010-08-18 16:25:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-18 16:24:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-18 16:00:15 ----D---- C:\WINDOWS
2010-08-18 15:33:13 ----D---- C:\WINDOWS\Debug
2010-08-18 15:25:45 ----D---- C:\WINDOWS\system32
2010-08-18 15:25:45 ----D---- C:\Program Files\Internet Explorer
2010-08-18 15:23:37 ----HD---- C:\WINDOWS\inf
2010-08-18 15:23:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-18 15:22:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-18 12:42:27 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-18 12:42:13 ----RSD---- C:\WINDOWS\assembly
2010-08-18 11:56:22 ----D---- C:\WINDOWS\system32\drivers
2010-08-18 11:48:52 ----SHD---- C:\WINDOWS\Installer
2010-08-18 11:48:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-18 11:44:53 ----D---- C:\WINDOWS\WinSxS
2010-08-18 10:27:54 ----D---- C:\Program Files\ESET
2010-08-18 10:25:33 ----SHD---- C:\System Volume Information
2010-08-18 10:25:33 ----D---- C:\WINDOWS\system32\Restore
2010-08-18 09:30:33 ----A---- C:\WINDOWS\system.ini
2010-08-18 09:30:11 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-18 09:17:55 ----D---- C:\WINDOWS\AppPatch
2010-08-18 09:17:45 ----D---- C:\Program Files\Common Files
2010-08-18 09:05:22 ----RASH---- C:\boot.ini
2010-08-18 08:40:13 ----RD---- C:\Program Files
2010-08-17 18:07:46 ----D---- C:\Program Files\Movie Maker
2010-08-17 14:44:22 ----D---- C:\WINDOWS\Minidump
2010-08-17 13:41:46 ----D---- C:\WINDOWS\system32\config
2010-08-17 11:34:30 ----D---- C:\Program Files\ICOO Loader
2010-08-17 11:15:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-08-17 10:48:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-17 10:31:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-08-10 18:35:35 ----RSD---- C:\WINDOWS\Fonts
2010-08-06 11:52:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PriceGong
2010-08-05 09:16:39 ----A---- C:\WINDOWS\WINCMD.INI
2010-08-05 09:14:45 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-08-04 15:56:00 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Search Settings
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-03 16:24:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-27 14:14:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-07-27 14:14:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-07-27 09:39:59 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-07-27 08:30:31 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 17:11:21 ----D---- C:\Program Files\Adobe
2010-07-25 16:58:34 ----D---- C:\Program Files\Common Files\Adobe
2010-07-25 13:31:56 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 10:42:56 ----D---- C:\Program Files\Metin2
2010-07-23 09:18:07 ----D---- C:\Program Files\Action Town Racing (Fire)
2010-07-20 14:00:25 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-07-20 13:59:33 ----D---- C:\Program Files\DVDVideoSoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2009-05-21 20016]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-06 271360]
R2 dvdmmg;dvdmmg; \??\C:\WINDOWS\system32\drivers\dvdmmg.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-14 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-06 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 sm56pci;sm56pci; C:\WINDOWS\system32\DRIVERS\sm56pci.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-21 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-26 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S4 Apache;Apache; c:\apache\Apache.exe --ntservice []
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S4 MySQL5;MySQL5; C:\dev\prog\mysql50\bin\mysqld-nt --defaults-file=C:\dev\prog\mysql50\my.ini MySQL5 []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE --ntservice []
-----------------EOF-----------------

svchost is loading the CPU at 100%
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost is loading the CPU at 100%
It is still infected. Post a log from ComboFix:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after startup a screen with the license terms is displayed; continue by clicking the Yes (Ano) button.
calmly go make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the deletion of any malware lead to unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: svchost is loading the CPU at 100%
it took a really long time...
ComboFix 10-08-17.04 - Administrator 18.08.2010 19:26:50.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.540 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-18 do 2010-08-18 )))))))))))))))))))))))))))))))
.
2010-08-18 09:56 . 2010-08-18 18:11 757760 ----a-w- c:\windows\system32\drivers\jhagtt.sys
2010-08-18 09:56 . 2010-08-18 18:11 585504 ----a-w- c:\windows\system32\drivers\qvuovjrl.sys
2010-08-18 06:40 . 2010-08-18 15:41 -------- d-----w- c:\program files\trend micro
2010-08-18 06:40 . 2010-08-18 06:41 -------- d-----w- C:\rsit
2010-08-10 09:23 . 2010-08-10 09:51 -------- d-----w- c:\program files\Passware
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 09:48 . 2001-10-25 12:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2010-08-18 09:48 . 2001-10-25 12:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2010-08-18 08:27 . 2005-11-22 07:34 -------- d-----w- c:\program files\ESET
2010-08-17 09:34 . 2007-07-13 06:08 -------- d-----w- c:\program files\ICOO Loader
2010-07-27 07:39 . 2010-04-06 15:53 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-25 14:58 . 2005-11-29 12:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-24 08:42 . 2010-06-05 15:25 -------- d-----w- c:\program files\Metin2
2010-07-23 07:18 . 2009-07-23 16:42 -------- d-----w- c:\program files\Action Town Racing (Fire)
2010-07-20 12:00 . 2009-05-01 08:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-20 11:59 . 2009-05-01 08:26 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-17 09:57 . 2005-11-15 13:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 09:54 . 2008-09-27 08:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-17 09:46 . 2010-05-11 16:27 -------- d-----w- c:\program files\Friendly-Strike3
2010-07-02 10:43 . 2010-07-02 10:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-06-30 12:33 . 2001-10-25 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 15:19 . 2006-11-10 13:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-06-24 12:27 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2001-10-25 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-10-25 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-10-25 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-11-15 11:19 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:43 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-21 15:01 . 2009-05-21 15:01 20080545 -c----w- c:\program files\6 klmcodec485.exe
2008-12-21 14:21 . 2008-12-21 14:21 7408784 ------w- c:\program files\Opera_963_in_Setup.exe
2008-12-13 16:31 . 2008-12-13 16:31 7454200 ------w- c:\program files\Opera_962_int_Setup.exe
2008-07-15 12:38 . 2008-07-15 12:38 25787976 ------w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2007-09-21 10:27 . 2007-09-21 10:27 13125640 ------w- c:\program files\ndntczst.exe
2006-07-27 08:15 . 2008-08-03 19:20 3699645 ------w- c:\program files\Readme.rtf
2006-02-06 20:56 . 2006-02-06 20:52 9359878 ------w- c:\program files\inet_srv_light.exe
2005-11-27 16:32 . 2005-11-27 16:32 5316176 ------w- c:\program files\msjavx86.exe
2004-12-03 12:14 . 2008-08-03 19:20 3366912 ------w- c:\program files\wf.exe
2004-06-16 16:40 . 2004-06-16 16:40 499712 ----a-w- c:\program files\msvcp71.dll
2004-06-16 16:40 . 2004-06-16 16:40 348160 ----a-w- c:\program files\msvcr71.dll
2003-10-14 07:26 . 2003-10-14 07:26 245408 ----a-w- c:\program files\unicows.dll
2001-10-25 12:00 . 2001-10-25 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 06:52 . 2001-10-25 12:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 06:51 . 2001-10-25 12:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 06:51 . 2001-10-25 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 06:51 . 2001-10-25 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 06:51 . 2001-10-25 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 06:52 . 2001-10-25 12:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"MP3 CD Extractor"="c:\program files\MP3 CD Extractor\CD-Extractor.exe" [2007-03-14 437248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
updpxe32.exe [2008-4-14 32768]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-6 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\wf.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Martin\\bulanci\\bulanci.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Martin\\hry\\Boss_Army_Status_Sender.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6.9.2007 12:15 5504]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
S3 sm56pci;sm56pci;c:\windows\system32\DRIVERS\sm56pci.sys --> c:\windows\system32\DRIVERS\sm56pci.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 1:51 380928]
S4 MySQL5;MySQL5;"c:\dev\prog\mysql50\bin\mysqld-nt" --defaults-file="c:\dev\prog\mysql50\my.ini" MySQL5 --> c:\dev\prog\mysql50\bin\mysqld-nt [?]
S4 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
--- Ostatní služby/ovladače v paměti ---
*Deregistered* - jhagtt
*Deregistered* - qvuovjrl
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/aplsec-99.99.99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/aplutil-99.99.99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/business-99.99.99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jcl-99.99.99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/text-99.99.99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/util-99.99.99.99.cab
DPF: GEMINI IBS 31 GECB Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/IBS31-GECB-aplsec-3.2.0.1.cab
DPF: GEMINI IBS 31 GECB Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/IBS31-GECB-aplutil-1.0.1.0.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IAIK-99.99.99.99.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p3qtlcs7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 20:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL5"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jhagtt]
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qvuovjrl]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1450960922-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,30,a4,46,fe,1a,f6,43,b5,65,7f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
[HKEY_USERS\S-1-5-21-746137067-1450960922-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,e2,d2,2f,3c,3e,c4,3c,bb,d6,98,86,30,48,ad,95,22,37,1b,08,bd,4a,ad,
9e,55,25,02,e0,f9,4b,a3,9c,47,68,ad,0d,43,e9,97,f5,7e,48,6a,6b,bc,ab,95,4c,\
"??"=hex:3a,aa,1e,29,c2,fd,a6,52,49,9f,58,b0,12,d9,2d,e9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(416)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-08-18 20:26:06
ComboFix-quarantined-files.txt 2010-08-18 18:25
ComboFix2.txt 2010-08-18 08:05
Před spuštěním: Volných bajtů: 20 956 966 912
Po spuštění: Volných bajtů: 20 953 964 544
- - End Of File - - 212EF487E79D365B5D28DD699651AD2E
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost loads the CPU to 100%
Open Notepad and copy the following into it:

Collect::
c:\windows\system32\drivers\jhagtt.sys
c:\windows\system32\drivers\qvuovjrl.sys
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\updpxe32.exe
Driver::
jhagtt
qvuovjrl

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: svchost loads the CPU to 100%
ComboFix 10-08-17.04 - Administrator 18.08.2010 22:24:24.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.415 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
file zipped: c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\updpxe32.exe
file zipped: c:\windows\system32\drivers\jhagtt.sys
file zipped: c:\windows\system32\drivers\qvuovjrl.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\updpxe32.exe
c:\windows\system32\drivers\jhagtt.sys
c:\windows\system32\drivers\qvuovjrl.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JHAGTT
-------\Legacy_QVUOVJRL
-------\Service_jhagtt
-------\Service_qvuovjrl
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-18 do 2010-08-18 )))))))))))))))))))))))))))))))
.
2010-08-18 06:40 . 2010-08-18 15:41 -------- d-----w- c:\program files\trend micro
2010-08-18 06:40 . 2010-08-18 06:41 -------- d-----w- C:\rsit
2010-08-10 09:23 . 2010-08-10 09:51 -------- d-----w- c:\program files\Passware
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 09:48 . 2001-10-25 12:00 83742 ----a-w- c:\windows\system32\perfc005.dat
2010-08-18 09:48 . 2001-10-25 12:00 441086 ----a-w- c:\windows\system32\perfh005.dat
2010-08-18 08:27 . 2005-11-22 07:34 -------- d-----w- c:\program files\ESET
2010-08-17 09:34 . 2007-07-13 06:08 -------- d-----w- c:\program files\ICOO Loader
2010-07-27 07:39 . 2010-04-06 15:53 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-25 14:58 . 2005-11-29 12:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-24 08:42 . 2010-06-05 15:25 -------- d-----w- c:\program files\Metin2
2010-07-23 07:18 . 2009-07-23 16:42 -------- d-----w- c:\program files\Action Town Racing (Fire)
2010-07-20 12:00 . 2009-05-01 08:26 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-20 11:59 . 2009-05-01 08:26 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-17 09:57 . 2005-11-15 13:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 09:54 . 2008-09-27 08:59 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-17 09:46 . 2010-05-11 16:27 -------- d-----w- c:\program files\Friendly-Strike3
2010-07-02 10:43 . 2010-07-02 10:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-06-30 12:33 . 2001-10-25 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 15:19 . 2006-11-10 13:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-06-24 12:27 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2001-10-25 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-10-25 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-10-25 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-11-15 11:19 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:43 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-05-21 15:01 . 2009-05-21 15:01 20080545 -c----w- c:\program files\6 klmcodec485.exe
2008-12-21 14:21 . 2008-12-21 14:21 7408784 ------w- c:\program files\Opera_963_in_Setup.exe
2008-12-13 16:31 . 2008-12-13 16:31 7454200 ------w- c:\program files\Opera_962_int_Setup.exe
2008-07-15 12:38 . 2008-07-15 12:38 25787976 ------w- c:\program files\wmp11-windowsxp-x86-CS-CZ.exe
2007-09-21 10:27 . 2007-09-21 10:27 13125640 ------w- c:\program files\ndntczst.exe
2006-07-27 08:15 . 2008-08-03 19:20 3699645 ------w- c:\program files\Readme.rtf
2006-02-06 20:56 . 2006-02-06 20:52 9359878 ------w- c:\program files\inet_srv_light.exe
2005-11-27 16:32 . 2005-11-27 16:32 5316176 ------w- c:\program files\msjavx86.exe
2004-12-03 12:14 . 2008-08-03 19:20 3366912 ------w- c:\program files\wf.exe
2004-06-16 16:40 . 2004-06-16 16:40 499712 ----a-w- c:\program files\msvcp71.dll
2004-06-16 16:40 . 2004-06-16 16:40 348160 ----a-w- c:\program files\msvcr71.dll
2003-10-14 07:26 . 2003-10-14 07:26 245408 ----a-w- c:\program files\unicows.dll
2001-10-25 12:00 . 2001-10-25 12:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 06:52 . 2001-10-25 12:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 06:51 . 2001-10-25 12:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 06:51 . 2001-10-25 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 06:51 . 2001-10-25 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 06:51 . 2001-10-25 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 06:52 . 2001-10-25 12:00 12288 --sh--w- c:\windows\system32\regsvr32.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"MP3 CD Extractor"="c:\program files\MP3 CD Extractor\CD-Extractor.exe" [2007-03-14 437248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-6 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\wf.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Martin\\bulanci\\bulanci.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\hry\\Martin\\hry\\Boss_Army_Status_Sender.exe"=
"c:\\Program Files\\Metin2\\metin2client.bin"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6.9.2007 12:15 5504]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
S3 sm56pci;sm56pci;c:\windows\system32\DRIVERS\sm56pci.sys --> c:\windows\system32\DRIVERS\sm56pci.sys [?]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 1:51 380928]
S4 MySQL5;MySQL5;"c:\dev\prog\mysql50\bin\mysqld-nt" --defaults-file="c:\dev\prog\mysql50\my.ini" MySQL5 --> c:\dev\prog\mysql50\bin\mysqld-nt [?]
S4 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: BSC Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/aplsec-99.99.99.99.cab
DPF: BSC Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/aplutil-99.99.99.99.cab
DPF: BSC Business Objects - hxxps://ra.internetbanka.cz/ra31/bin/business-99.99.99.99.cab
DPF: BSC Java Components Library - hxxps://ra.internetbanka.cz/ra31/bin/jcl-99.99.99.99.cab
DPF: BSC Text Utilities - hxxps://ra.internetbanka.cz/ra31/bin/text-99.99.99.99.cab
DPF: BSC Utilities - hxxps://ra.internetbanka.cz/ra31/bin/util-99.99.99.99.cab
DPF: GEMINI IBS 31 GECB Applet Security - hxxps://ra.internetbanka.cz/ra31/bin/IBS31-GECB-aplsec-3.2.0.1.cab
DPF: GEMINI IBS 31 GECB Applet Utilities - hxxps://ra.internetbanka.cz/ra31/bin/IBS31-GECB-aplutil-1.0.1.0.cab
DPF: GEMINI IBS 32 GEMB Applet Security - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplsec-3.3.0.0.cab
DPF: GEMINI IBS 32 GEMB Applet Utilities - hxxps://ib.internetbanka.cz/ibs31/bin/IBS32-GEMB-aplutil-99.99.99.99.cab
DPF: IAIK Java Cryptography Extension - hxxps://ra.internetbanka.cz/ra31/bin/IAIK-99.99.99.99.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p3qtlcs7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 22:52
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL5"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1450960922-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,30,a4,46,fe,1a,f6,43,b5,65,7f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
[HKEY_USERS\S-1-5-21-746137067-1450960922-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,e2,d2,2f,3c,3e,c4,3c,bb,d6,98,86,30,48,ad,95,22,37,1b,08,bd,4a,ad,
9e,55,25,02,e0,f9,4b,a3,9c,47,68,ad,0d,43,e9,97,f5,7e,48,6a,6b,bc,ab,95,4c,\
"??"=hex:3a,aa,1e,29,c2,fd,a6,52,49,9f,58,b0,12,d9,2d,e9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-08-18 22:57:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-18 20:57
ComboFix2.txt 2010-08-18 18:26
ComboFix3.txt 2010-08-18 08:05
Před spuštěním: Volných bajtů: 20 911 845 376
Po spuštění: Volných bajtů: 20 843 884 544
- - End Of File - - ECD7F4CC23F403E4433C192BA5D6EBF0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 22:52
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL5]
"ImagePath"="\"c:\dev\prog\mysql50\bin\mysqld-nt\" --defaults-file=\"c:\dev\prog\mysql50\my.ini\" MySQL5"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1450960922-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,30,a4,46,fe,1a,f6,43,b5,65,7f,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
[HKEY_USERS\S-1-5-21-746137067-1450960922-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,e2,d2,2f,3c,3e,c4,3c,bb,d6,98,86,30,48,ad,95,22,37,1b,08,bd,4a,ad,
9e,55,25,02,e0,f9,4b,a3,9c,47,68,ad,0d,43,e9,97,f5,7e,48,6a,6b,bc,ab,95,4c,\
"??"=hex:3a,aa,1e,29,c2,fd,a6,52,49,9f,58,b0,12,d9,2d,e9
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,eb,62,99,77,fe,cd,48,97,e1,b8,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-08-18 22:57:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-18 20:57
ComboFix2.txt 2010-08-18 18:26
ComboFix3.txt 2010-08-18 08:05
Před spuštěním: Volných bajtů: 20 911 845 376
Po spuštění: Volných bajtů: 20 843 884 544
- - End Of File - - ECD7F4CC23F403E4433C192BA5D6EBF0
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: svchost is loading the CPU at 100%
The log looks clean now. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: svchost is loading the CPU at 100%
It seems to be fine, just t-cleaner and cclean left...
Thanks.
- Rudy
Re: svchost is loading the CPU at 100%
Yep. You're welcome!
multi wrote: It seems to be fine, just t-cleaner and cclean left...
Thanks.