svchost.exe vytěžuje CPU na 100 %
Napsal: 15 led 2010 21:14
Dobrý den,
už si nevím rady .. Na "vyčištění" PC byl použit NOD + Spybot Search&Destroy a CC Cleaner .., bohužel svchost.exe prakticky stále na 99 % CPU
Díky za případnou pomoc ...
----------------
ComboFix 10-01-15.01 - Servis 15.01.2010 19:52:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1037 [GMT 1:00]
Spuštěný z: c:\documents and settings\Servis\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.
2010-01-15 15:54 . 2010-01-15 15:54 -------- d-----w- c:\program files\ESET
2010-01-15 05:43 . 2010-01-15 05:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 19:21 . 2010-01-14 19:21 -------- d-----w- c:\program files\CCleaner
2010-01-14 18:50 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 05:56 . 2010-01-13 05:56 -------- d-----w- c:\program files\Common Files\Skype
2010-01-12 09:02 . 2010-01-12 09:02 -------- d-----w- c:\program files\Alwil Software
2010-01-08 06:48 . 2010-01-08 06:48 -------- d-----w- C:\pvdatastore
2009-12-29 15:02 . 2009-12-29 15:37 151277 ----a-w- c:\windows\hpwins05.dat
2009-12-23 11:54 . 2009-12-28 07:03 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-23 11:50 . 2010-01-04 09:26 -------- d-----w- c:\program files\Paint.NET
2009-12-23 11:23 . 2009-12-23 11:25 -------- d-----w- c:\program files\Common Files\HP
2009-12-23 10:57 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe
2009-12-23 10:57 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe
2009-12-23 10:57 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:57 . 2009-06-12 04:55 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 05:27 . 2008-01-28 14:01 -------- d-----w- c:\program files\LogMeIn
2010-01-13 05:57 . 2009-02-16 13:26 -------- d-----r- c:\program files\Skype
2010-01-07 07:08 . 2009-04-22 08:10 -------- d-----w- c:\program files\AVG
2010-01-06 06:00 . 2008-01-14 14:02 -------- d-----w- c:\program files\Java
2010-01-04 09:28 . 2009-04-10 10:49 -------- d-----w- c:\program files\CaseCaseIH
2009-12-23 11:27 . 2008-10-31 14:10 -------- d-----w- c:\program files\HP
2009-12-12 11:50 . 2008-01-14 11:03 -------- d-----w- c:\program files\Kalina
2009-12-12 11:44 . 2007-05-31 19:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 11:44 . 2009-12-11 14:47 -------- d-----w- c:\program files\Carambis
2009-12-12 10:12 . 2009-12-12 09:32 -------- d-----w- c:\program files\iXi Tools
2009-12-10 07:24 . 2006-03-02 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 07:24 . 2006-03-02 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-11-27 13:54 . 2008-10-31 14:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-24 12:35 . 2008-12-03 13:17 -------- d-----w- c:\program files\EPSON
2009-11-24 12:03 . 2009-11-24 11:44 111835 ----a-w- c:\windows\hpqins07.dat
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 07:52 . 2009-11-20 07:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-20 07:52 . 2009-11-20 07:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-20 07:51 . 2009-11-20 07:51 -------- d-----w- c:\program files\Synaptics
2009-11-20 07:39 . 2009-11-20 07:39 -------- d-----w- c:\program files\Realtek
2009-11-20 07:35 . 2009-11-20 07:35 -------- d-----w- c:\program files\Intel
2009-11-20 07:29 . 2009-11-20 07:28 -------- d-----w- c:\program files\Realtek AC97
2009-11-18 12:09 . 2009-11-18 12:09 -------- d-----w- c:\program files\Driver-Soft
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-06-25 07:54 . 2009-06-01 06:59 548 ----a-w- c:\program files\NetSpares.sct
2009-06-25 07:54 . 2009-06-01 06:59 39 ----a-w- c:\program files\NetSpares.bat
2009-06-25 07:52 . 2009-06-01 06:58 258 ----a-w- c:\program files\pippo.bat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]
[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
2007-10-28 14:45 1502232 ----a-w- c:\program files\Spesoft\tbSpes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]
[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]
[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2001-06-13 139264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Internet Keyboard.lnk - c:\program files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe [2007-9-2 1126400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 06:06 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^RAMASST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Servis^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Servis\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-02-06 15:27 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200]
2002-09-23 18:25 74752 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 14:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2005-03-24 12:52 94770 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [11.1.2007 6:39 243584]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.6.2009 14:45 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3.8.2007 15:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [28.1.2008 15:02 47640]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [14.6.2001 19:27 10195]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2009-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{AF93C7B5-BA1A-4DDF-A1D2-4A0521CBC767}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://netportalpro.agrotec.cz:58200/irj/portal
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZNxdm795YYCZ
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Servis\Data aplikací\Mozilla\Firefox\Profiles\6ypn2xbo.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: f:\instal picaso\Google\Picasa3\npPicasa2.dll
FF - plugin: f:\instal picaso\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{9e35e959-d723-4b5f-9207-2a94f8ab9068} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-update_vp - c:\program files\Vyčistit Počítač\UUpdate.exe
MSConfigStartUp-VycistitPocitac - c:\program files\Vyčistit Počítač\VycistitPocitac.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 19:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1957994488-1085031214-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-01-15 20:01:32
ComboFix-quarantined-files.txt 2010-01-15 19:01
Před spuštěním: 4 109 434 880
Po spuštění: 4 766 912 512
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BD71C79893AF17F0DFA4E59C365B8328
už si nevím rady .. Na "vyčištění" PC byl použit NOD + Spybot Search&Destroy a CC Cleaner .., bohužel svchost.exe prakticky stále na 99 % CPU
Díky za případnou pomoc ...
----------------
ComboFix 10-01-15.01 - Servis 15.01.2010 19:52:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1535.1037 [GMT 1:00]
Spuštěný z: c:\documents and settings\Servis\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-15 do 2010-01-15 )))))))))))))))))))))))))))))))
.
2010-01-15 15:54 . 2010-01-15 15:54 -------- d-----w- c:\program files\ESET
2010-01-15 05:43 . 2010-01-15 05:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 19:21 . 2010-01-14 19:21 -------- d-----w- c:\program files\CCleaner
2010-01-14 18:50 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 05:56 . 2010-01-13 05:56 -------- d-----w- c:\program files\Common Files\Skype
2010-01-12 09:02 . 2010-01-12 09:02 -------- d-----w- c:\program files\Alwil Software
2010-01-08 06:48 . 2010-01-08 06:48 -------- d-----w- C:\pvdatastore
2009-12-29 15:02 . 2009-12-29 15:37 151277 ----a-w- c:\windows\hpwins05.dat
2009-12-23 11:54 . 2009-12-28 07:03 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-23 11:50 . 2010-01-04 09:26 -------- d-----w- c:\program files\Paint.NET
2009-12-23 11:23 . 2009-12-23 11:25 -------- d-----w- c:\program files\Common Files\HP
2009-12-23 10:57 . 2007-07-05 03:42 1275480 ----a-w- c:\windows\hpzshl01.exe
2009-12-23 10:57 . 2007-07-05 03:42 1132120 ----a-w- c:\windows\hpzmsi01.exe
2009-12-23 10:57 . 2007-09-14 16:11 16050 ----a-w- c:\windows\hpwscr05.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 18:57 . 2009-06-12 04:55 -------- d-----w- c:\program files\ICQ6.5
2010-01-15 05:27 . 2008-01-28 14:01 -------- d-----w- c:\program files\LogMeIn
2010-01-13 05:57 . 2009-02-16 13:26 -------- d-----r- c:\program files\Skype
2010-01-07 07:08 . 2009-04-22 08:10 -------- d-----w- c:\program files\AVG
2010-01-06 06:00 . 2008-01-14 14:02 -------- d-----w- c:\program files\Java
2010-01-04 09:28 . 2009-04-10 10:49 -------- d-----w- c:\program files\CaseCaseIH
2009-12-23 11:27 . 2008-10-31 14:10 -------- d-----w- c:\program files\HP
2009-12-12 11:50 . 2008-01-14 11:03 -------- d-----w- c:\program files\Kalina
2009-12-12 11:44 . 2007-05-31 19:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 11:44 . 2009-12-11 14:47 -------- d-----w- c:\program files\Carambis
2009-12-12 10:12 . 2009-12-12 09:32 -------- d-----w- c:\program files\iXi Tools
2009-12-10 07:24 . 2006-03-02 12:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 07:24 . 2006-03-02 12:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2009-11-27 13:54 . 2008-10-31 14:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-24 12:35 . 2008-12-03 13:17 -------- d-----w- c:\program files\EPSON
2009-11-24 12:03 . 2009-11-24 11:44 111835 ----a-w- c:\windows\hpqins07.dat
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 07:52 . 2009-11-20 07:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-20 07:52 . 2009-11-20 07:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-20 07:51 . 2009-11-20 07:51 -------- d-----w- c:\program files\Synaptics
2009-11-20 07:39 . 2009-11-20 07:39 -------- d-----w- c:\program files\Realtek
2009-11-20 07:35 . 2009-11-20 07:35 -------- d-----w- c:\program files\Intel
2009-11-20 07:29 . 2009-11-20 07:28 -------- d-----w- c:\program files\Realtek AC97
2009-11-18 12:09 . 2009-11-18 12:09 -------- d-----w- c:\program files\Driver-Soft
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-06-25 07:54 . 2009-06-01 06:59 548 ----a-w- c:\program files\NetSpares.sct
2009-06-25 07:54 . 2009-06-01 06:59 39 ----a-w- c:\program files\NetSpares.bat
2009-06-25 07:52 . 2009-06-01 06:58 258 ----a-w- c:\program files\pippo.bat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]
[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
2007-10-28 14:45 1502232 ----a-w- c:\program files\Spesoft\tbSpes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]
[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{94817C02-FEAC-4AA8-99D8-1CB47BF4D4C0}"= "c:\program files\Spesoft\tbSpes.dll" [2007-10-28 1502232]
[HKEY_CLASSES_ROOT\clsid\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2001-06-13 139264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Internet Keyboard.lnk - c:\program files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe [2007-9-2 1126400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 06:06 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^RAMASST.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Servis^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Servis\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-02-06 15:27 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3200]
2002-09-23 18:25 74752 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-08-03 14:09 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2005-03-24 12:52 94770 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [11.1.2007 6:39 243584]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11.6.2009 14:45 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [3.8.2007 15:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [28.1.2008 15:02 47640]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [14.6.2001 19:27 10195]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2009-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{AF93C7B5-BA1A-4DDF-A1D2-4A0521CBC767}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://netportalpro.agrotec.cz:58200/irj/portal
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZNxdm795YYCZ
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Servis\Data aplikací\Mozilla\Firefox\Profiles\6ypn2xbo.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: f:\instal picaso\Google\Picasa3\npPicasa2.dll
FF - plugin: f:\instal picaso\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{9e35e959-d723-4b5f-9207-2a94f8ab9068} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-update_vp - c:\program files\Vyčistit Počítač\UUpdate.exe
MSConfigStartUp-VycistitPocitac - c:\program files\Vyčistit Počítač\VycistitPocitac.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 19:58
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1957994488-1085031214-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2010-01-15 20:01:32
ComboFix-quarantined-files.txt 2010-01-15 19:01
Před spuštěním: 4 109 434 880
Po spuštění: 4 766 912 512
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - BD71C79893AF17F0DFA4E59C365B8328
