
siszyd32.exe

Posted: 14 Jan 2010 11:59
by slovakia157
Hi, I have a problem with this process. NOD finds it but cannot clean it. svchost.exe shows 100 % CPU usage and the PC cannot be used normally...

I am attaching the ComboFix log...

ComboFix 10-01-13.0B - JS . 01. 2010 11:20:45.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.232 [GMT 1:00]
Running from: c:\documents and settings\JS\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JS\JS.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\00176F25.urr
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 10:46 . 2004-08-17 14:49 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-01-14 10:46 . 2004-08-17 14:49 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-01-14 09:39 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-14 09:39 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-13 19:17 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 17:57 . 2010-01-13 18:50 -------- d-----w- c:\windows\system32\NtmsData
2010-01-02 20:51 . 2010-01-02 20:51 298104 ----a-w- c:\windows\system32\imon.dll
2010-01-02 20:51 . 2010-01-02 20:50 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-01-02 20:51 . 2010-01-02 20:50 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-01-02 20:50 . 2010-01-14 10:20 -------- d-----w- c:\program files\ESET
2010-01-02 18:57 . 2010-01-02 18:57 -------- d-----w- c:\program files\Common Files\Skype
2010-01-01 19:49 . 2010-01-02 18:31 -------- d-----w- c:\program files\Vyčistiť Počítač
2009-12-28 15:22 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-12-28 15:22 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2009-12-28 15:20 . 2010-01-14 10:51 763904 ----a-w- c:\windows\system32\drivers\rhyemkqy.sys
2009-12-22 20:08 . 2009-12-22 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-22 18:26 . 2009-12-22 18:25 512096 ----a-w- c:\windows\system32\drivers\amon(2).sys
2009-12-22 18:26 . 2009-12-22 18:25 298104 ----a-w- c:\windows\system32\imon(2).dll
2009-12-22 18:26 . 2009-12-22 18:25 15424 ----a-w- c:\windows\system32\drivers\nod32drv(2).sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 18:57 . 2008-10-03 14:41 -------- d-----w- c:\program files\Skype
2010-01-02 18:41 . 2009-03-31 18:13 -------- d-----w- c:\program files\Spyware Doctor
2009-12-30 18:48 . 2001-10-25 12:00 83702 ----a-w- c:\windows\system32\perfc005.dat
2009-12-30 18:48 . 2001-10-25 12:00 440928 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:46 . 2001-10-25 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2001-10-25 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2007-03-03 14:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2001-10-25 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:03 . 2007-03-03 14:12 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:03 . 2007-03-03 14:12 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 14:58 . 2007-03-03 14:12 263552 ----a-w- c:\windows\system32\drivers\http.sys
2007-03-03 21:59 . 2007-03-03 21:53 56 --sh--r- c:\windows\system32\29B74F4326.sys
2007-03-03 21:59 . 2007-03-03 21:53 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]
"VycistitPocitac"="c:\program files\Vyčistiť Počítač\VycistitPocitac.exe" [2010-01-02 860160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"CHotkey"="mHotkey.exe" [2002-07-23 477184]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-05-31 499712]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016]
"update_vp"="c:\program files\Vyčistiť Počítač\UUpdate.exe" [2008-10-22 28672]
"VycistitPocitac"="c:\program files\Vyčistiť Počítač\VycistitPocitac.exe" [2010-01-02 860160]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-01-02 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\JS\Nabídka Start\Programy\Po spuštění\
siszyd32.exe [2004-8-17 31232]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\I:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AnyDVD"=c:\program files\SlySoft\AnyDVD\AnyDVD.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"MimBoot"=c:\program files\Musicmatch\Musicmatch Jukebox\mimboot.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"StatusClient"=c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"TomcatStartup"=c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"Ulead AutoDetector"=c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
"Ulead Calendar Checker"=c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2. 1. 2010 21:51 15424]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe --> c:\program files\Spyware Doctor\svcntaux.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - rhyemkqy
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\JS\Data aplikací\Mozilla\Firefox\Profiles\uhss1646.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 11:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\JS\Nabídka Start\Programy\Po spuštění\siszyd32.exe 31232 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rhyemkqy]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(7304)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\SOUNDMAN.EXE
c:\windows\mHotkey.exe
.
**************************************************************************
.
Completion time: 2010-01-14 11:56:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 10:56

Pre-Run: Volných bajtů: 18 501 672 960
Post-Run: Volných bajtů: 18 524 274 688

- - End Of File - - 8FCB2CF50AC65F31BD8A8D19A7D886F5



Thank you in advance for a quick answer/solution

Re: siszyd32.exe

Posted: 14 Jan 2010 12:29
by slovakia157
I also want to add that the 100% load only occurs when the PC is connected to the network; with the cable unplugged, everything is (relatively) OK

Re: siszyd32.exe

Posted: 14 Jan 2010 13:14
by JaRon
clean the PC with MBAM - post the log