VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

schvost.exe cpu100%

https://forum.viry.cz:443/viewtopic.php?t=97223

Stránka 1 z 1

schvost.exe cpu100%

Napsal: 04 úno 2010 18:22
od ibika
Počítač stále beží na 100%. Proccess explorer ukazuje na schvost.exe

Re: schvost.exe cpu100%

Napsal: 04 úno 2010 18:32
od ibika
DDS (Ver_09-12-01.01) - NTFSx86
Run by PC01 at 18:30:41,64 on çt 04.02.2010
Internet Explorer: 8.0.6001.18702
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.495.141 [GMT 1:00]

AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PC01\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\logon\CurrentLogon.EXE
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\pc01\start menu\programs\startup\wwwpos32.exe
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://192.168.16.210:15555/template/xWebView2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll

============= SERVICES / DRIVERS ===============

R1 NHostNT1;NetOp Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [2008-3-11 92432]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-2-15 15424]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2005-8-29 120320]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-26 47640]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2008-3-11 3216]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-8-29 69120]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-30 16:15:36 12 ----a-w- c:\docume~1\pc01\applic~1\anvkgp.dat
2010-01-30 16:15:11 4 ----a-w- c:\docume~1\pc01\applic~1\avdrn.dat
2010-01-19 17:27:39 108 ----a-w- c:\windows\wcx_ftp.ini
2010-01-19 17:22:03 0 d-----w- c:\docume~1\pc01\applic~1\TeamViewer
2010-01-19 17:21:49 0 d-----w- c:\program files\TeamViewer
2010-01-13 05:26:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-02-04 16:52:02 96384 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2008-01-24 18:11:30 32768 --sha-w- c:\windows\temp\cookies\index.dat
2008-01-24 18:11:30 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:32:10,21 ===============

Re: schvost.exe cpu100%

Napsal: 04 úno 2010 18:45
od ibika
pc ide v pohode, schvost nemá žiadne percentá, tu je ten log

========== PROCESSES ==========
No active process named wwwpos32.exe was found!
========== FILES ==========
File move failed. c:\documents and settings\pc01\start menu\programs\startup\wwwpos32.exe scheduled to be moved on reboot.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.7.1 log created on 02042010_184041

Files moved on Reboot...
c:\documents and settings\pc01\start menu\programs\startup\wwwpos32.exe moved successfully.

Registry entries deleted on Reboot...

Re: schvost.exe cpu100%

Napsal: 04 úno 2010 18:48
od ibika
log z dds


DDS (Ver_09-12-01.01) - NTFSx86
Run by PC01 at 18:46:25,40 on çt 04.02.2010
Internet Explorer: 8.0.6001.18702
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.495.144 [GMT 1:00]

AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\PC01\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\logon\CurrentLogon.EXE
BHO: XTTBPos00 Class: {055fd26d-3a88-4e15-963d-dc8493744b1d} - c:\progra~1\icqtoo~1\toolbaru.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://192.168.16.210:15555/template/xWebView2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll

============= SERVICES / DRIVERS ===============

R1 NHostNT1;NetOp Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [2008-3-11 92432]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-2-15 15424]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2005-8-29 120320]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-10-16 222968]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-26 47640]
R2 NetOp Host for NT Service;NetOp Helper ver. 9.00 (2007058);c:\program files\danware data\netop remote control\host\NHOSTSVC.EXE [2008-3-11 1372432]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2005-1-28 552064]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [2008-3-11 3216]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-8-29 69120]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-02-04 17:40:41 0 d-----w- C:\_OTM
2010-01-30 16:15:36 12 ----a-w- c:\docume~1\pc01\applic~1\anvkgp.dat
2010-01-30 16:15:11 4 ----a-w- c:\docume~1\pc01\applic~1\avdrn.dat
2010-01-19 17:27:39 108 ----a-w- c:\windows\wcx_ftp.ini
2010-01-19 17:22:03 0 d-----w- c:\docume~1\pc01\applic~1\TeamViewer
2010-01-19 17:21:49 0 d-----w- c:\program files\TeamViewer
2010-01-13 05:26:59 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-02-04 16:52:02 96384 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2008-01-24 18:11:30 32768 --sha-w- c:\windows\temp\cookies\index.dat
2008-01-24 18:11:30 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:47:05,39 ===============

Re: schvost.exe cpu100%

Napsal: 04 úno 2010 19:16
od ibika
ComboFix 10-02-03.08 - PC01 04.02.2010 19:03:55.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.495.205 [GMT 1:00]
Running from: c:\documents and settings\PC01\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PC01\Application Data\avdrn.dat
c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\NetProject
c:\program files\NetProject\ot.icoww
c:\program files\NetProject\ts.ico
c:\windows\regedit.com
c:\windows\system32\kernel1.exe
c:\windows\system32\MSPRPSK.DLL
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-04 17:56 . 2010-02-04 22:52 -------- d-----w- C:\32788R22FWJFW
2010-02-04 17:40 . 2010-02-04 17:40 -------- d-----w- C:\_OTM
2010-02-01 22:34 . 2010-02-01 22:34 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-01 22:20 . 2010-02-01 22:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-01 22:05 . 2010-02-01 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-19 17:22 . 2010-01-24 19:47 -------- d-----w- c:\documents and settings\PC01\Application Data\TeamViewer
2010-01-19 17:21 . 2010-01-19 17:21 -------- d-----w- c:\program files\TeamViewer
2010-01-13 05:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:08 . 2009-10-16 14:25 -------- d-----w- c:\program files\ICQ6.5
2010-02-04 16:52 . 2002-08-28 23:27 96384 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2010-01-30 16:15 . 2010-01-30 16:15 12 ----a-w- c:\documents and settings\PC01\Application Data\anvkgp.dat
2010-01-28 12:06 . 2007-08-17 13:53 -------- d-----w- c:\documents and settings\PC01\Application Data\Skype
2010-01-28 12:06 . 2008-03-30 12:57 -------- d-----w- c:\documents and settings\PC01\Application Data\skypePM
2009-12-21 19:14 . 2002-08-29 01:41 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2002-08-29 01:40 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"IMONTRAY"="c:\program files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-02-15 949376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 09:49 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\3Com\\ControlCenter\\Instupdt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Danware Data\\NetOp Remote Control\\HOST\\Nhstw32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\WINCMD\\WINCMD32.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 NHostNT1;NetOp Driver 1 ver. 9.00 (2007058);c:\windows\system32\drivers\NHOSTNT1.SYS [11.3.2008 9:13 92432]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [15.2.2007 7:37 15424]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [29.8.2005 13:48 120320]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [16.10.2009 15:29 222968]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [26.5.2009 10:42 47640]
R2 NetOp Host for NT Service;NetOp Helper ver. 9.00 (2007058);c:\program files\Danware Data\NetOp Remote Control\HOST\NHOSTSVC.EXE [11.3.2008 9:13 1372432]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [12.1.2010 15:57 185640]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.00 (2007058) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [11.3.2008 9:13 3216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.11.2006 17:17 611064]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
Ip6FwHlp
xmlprov
wscsvc
WmdmPmSN
napagent
hkmsvc
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
LSP: imon.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://192.168.16.210:15555/template/xWebView2.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 19:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-308236825-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-02-04 19:14:11
ComboFix-quarantined-files.txt 2010-02-04 18:14

Pre-Run: 33 097 879 552 bytes free
Post-Run: 18 adresárov, 33 299 791 872 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8B5AD4242CC25D5F544F70203A16D529

Re: schvost.exe cpu100%

Napsal: 04 úno 2010 19:32
od ibika
Neviem čo je to za program. Moja priateľka ma poprosila či by som jej nepomohol s týmto problémom. Pc slúži aj ako manažér pokladní. Taktiež je tu napojený kamerový systém a spústa iných vecí. Nechcem jej do toho zasahovať a s týmto výrusom som si nevedel pomôcť tak som to nehal radšej na odborníkov. Kedy by som sa mohol zajtra ozvať?

Re: schvost.exe cpu100%

Napsal: 04 úno 2010 19:43
od ibika
ok

Re: schvost.exe cpu100%

Napsal: 05 úno 2010 16:08
od ibika
za 10 min budem ready

Re: schvost.exe cpu100%

Napsal: 05 úno 2010 16:17
od ibika
Zde a pripraven :shock:

Re: schvost.exe cpu100%

Napsal: 05 úno 2010 16:35
od ibika
:o

Re: schvost.exe cpu100%

Napsal: 05 úno 2010 16:53
od ibika
Potrebuje opravit netsvc, vie mi s tým niekto pomôcť. Nemôžem zastihúť naughty-ho a povedal že mám ešte s týmto problém. Diq
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz