Zdravím vás,
něco o tomhle problému jsem tu už četl, ale jsem víceméně laik tak bych potřeboval pomoc přímo mně na míru. Jde o to, že mi na notebooku zabírá svchost 99-100% vytížení CPU a NTB je prakticky nepoužitelný. Jestli to pomůže tak vkládám log z HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:03, on 7.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\programy\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\programy\LAUNCH~1\LManager.exe
C:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\programy\iTunes\iTunesHelper.exe
C:\programy\Java\jre6\bin\jusched.exe
C:\programy\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programy\WIDCOMM\Bluetooth Software\BTTray.exe
C:\programy\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\programy\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\programy\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\programy\Java\jre6\bin\jqs.exe
C:\programy\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\programy\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\DOKUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\dokumenty\Administrator\Plocha\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\programy\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\programy\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\programy\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\programy\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\programy\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\programy\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\programy\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NSLauncher] C:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\programy\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\programy\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\programy\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\programy\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\programy\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\programy\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6635954640
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\programy\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\programy\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\programy\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\programy\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\programy\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca0983e64f85dc) (gupdate1ca0983e64f85dc) - Google Inc. - C:\programy\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\programy\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\programy\Java\jre6\bin\jqs.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8359 bytes
SVCHOST zabírá 100% CPU
Moderátor: Moderátoři Živě.cz
Stránka 1 z 1
od miso1999 7. 1. 2010 11:12
Zas ta mrška siszyd32.exe. ![:-\](./images/smilies/14.gif ":-\")
Stiahni a presuň Combofix na plochu.
Pred spustením vypni všetky rezidentné štíti!
Spusť pod administrátorským účtom!
Ak sa ťa opýta či má vytvoriť konzolu pre zotavenie daj áno!
Neklikaj do okna!
Čakaj!
Daj sem celý log ktorý nájdeš v C:/Combofix
Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stiahni a presuň Combofix na plochu.
Pred spustením vypni všetky rezidentné štíti!
Spusť pod administrátorským účtom!
Ak sa ťa opýta či má vytvoriť konzolu pre zotavenie daj áno!
Neklikaj do okna!
Čakaj!
Daj sem celý log ktorý nájdeš v C:/Combofix
Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- miso1999
- Junior
-
od Ruuzha 7. 1. 2010 12:47
Tak tady je ten log
ComboFix 10-01-04.01 - Administrator 07.01.2010 12:07:54.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.185 [GMT 1:00]
Spuštěný z: c:\dokumenty\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-07 do 2010-01-07 )))))))))))))))))))))))))))))))
.
2010-01-04 08:34 . 2010-01-04 08:34 -------- d-sh--w- c:\dokumenty\Administrator\IECompatCache
2010-01-04 08:12 . 2010-01-04 08:12 -------- d-----w- c:\programy\ESET
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\winbox
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\putty
2010-01-04 07:57 . 2010-01-04 07:57 -------- d-----w- c:\programy\MSECache
2010-01-04 07:54 . 2010-01-04 07:54 -------- d-----w- c:\programy\Common Files\Adobe
2010-01-04 07:52 . 2010-01-04 07:52 -------- d-----w- c:\programy\7-Zip
2010-01-04 07:51 . 2007-10-15 10:16 196608 ----a-w- c:\windows\system32\bzpdf101.dll
2010-01-04 07:51 . 2005-09-08 00:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\STORMWARE
2010-01-04 07:51 . 2005-09-08 00:03 1330888 ----a-w- c:\windows\system32\msxml6.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\GPLGS
2009-12-24 10:56 . 2009-12-24 10:56 -------- d-sh--w- c:\dokumenty\Administrator\PrivacIE
2009-12-24 10:52 . 2009-12-24 10:52 -------- d-sh--w- c:\dokumenty\Administrator\IETldCache
2009-12-24 10:38 . 2009-12-24 10:38 -------- d-----w- c:\windows\ie8updates
2009-12-24 10:06 . 2009-12-24 10:34 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:06 . 2009-12-24 10:19 -------- d-----w- c:\windows\system32\cs-CZ
2009-12-24 09:37 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-24 09:37 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 09:37 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-24 09:36 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-24 09:36 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 09:36 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-24 09:35 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 22:36 . 2009-12-20 22:36 -------- d-----w- c:\programy\iPod
2009-12-20 22:34 . 2009-12-20 22:39 -------- d-----w- c:\programy\iTunes
2009-12-20 22:27 . 2009-12-20 22:27 -------- d-----w- c:\programy\Bonjour
2009-12-20 22:16 . 2009-12-20 22:23 -------- d-----w- c:\programy\QuickTime
2009-12-20 21:50 . 2009-12-20 21:50 -------- d-----w- c:\programy\Apple Software Update
2009-12-20 19:53 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-20 19:53 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-20 19:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-20 19:53 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 15:41 . 2009-12-17 15:41 132 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 09:18 . 2007-12-18 20:42 -------- d-----w- c:\programy\Common Files\PCSuite
2010-01-07 09:01 . 2002-09-23 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-01-07 09:01 . 2002-09-23 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-01-07 08:42 . 2008-10-29 09:55 -------- d-----w- c:\programy\LimeWire
2010-01-07 08:30 . 2007-12-18 20:42 -------- d-----w- c:\programy\Nokia
2010-01-07 08:20 . 2007-04-19 19:15 -------- d-----w- c:\programy\BearShare Applications
2010-01-04 08:10 . 2008-10-29 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 08:01 . 2010-01-04 08:01 -------- d-----w- c:\programy\kodeky
2010-01-04 07:49 . 2007-04-14 13:00 -------- d-----w- c:\programy\primopdf
2010-01-04 07:47 . 2009-09-07 12:14 -------- d-----w- c:\programy\Mozilla Thunderbird
2010-01-04 07:47 . 2007-04-14 12:58 -------- d-----w- c:\programy\DivX
2009-12-20 22:35 . 2007-12-18 23:05 -------- d-----w- c:\programy\Common Files\Apple
2009-12-11 18:00 . 2010-01-04 08:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:43 . 2006-12-16 16:55 916480 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2006-12-16 . A0A035949444D2984A63B08E05EF5EE1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programy\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programy\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"LManager"="c:\programy\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"NSLauncher"="c:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programy\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"egui"="c:\programy\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\dokumenty\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2004-8-17 31744]
c:\dokumenty\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\programy\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\programy\\LimeWire\\LimeWire.exe"=
"c:\\programy\\ICQ6.5\\ICQ.exe"=
"c:\\programy\\ORmanager\\ORmanager.exe"=
"c:\\programy\\Bonjour\\mDNSResponder.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1ca0983e64f85dc;Služba Google Update (gupdate1ca0983e64f85dc);c:\programy\Google\Update\GoogleUpdate.exe [20.7.2009 22:49 133104]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programy\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programy\Google\Update\GoogleUpdate.exe [2009-07-20 21:48]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programy\Google\Update\GoogleUpdate.exe [2009-07-20 21:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumenty\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0epiv8ua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\programy\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programy\kodeky\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programy\kodeky\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-PcSync - c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 12:27
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1770027372-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3740)
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-01-07 12:36:48
ComboFix-quarantined-files.txt 2010-01-07 11:35
Před spuštěním: Volných bajtů: 82 662 805 504
Po spuštění: Volných bajtů: 82 635 730 944
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3DFC78C79142152233736B5DF369711D
ComboFix 10-01-04.01 - Administrator 07.01.2010 12:07:54.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.185 [GMT 1:00]
Spuštěný z: c:\dokumenty\Administrator\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-07 do 2010-01-07 )))))))))))))))))))))))))))))))
.
2010-01-04 08:34 . 2010-01-04 08:34 -------- d-sh--w- c:\dokumenty\Administrator\IECompatCache
2010-01-04 08:12 . 2010-01-04 08:12 -------- d-----w- c:\programy\ESET
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\winbox
2010-01-04 08:00 . 2010-01-04 08:00 -------- d-----w- c:\programy\putty
2010-01-04 07:57 . 2010-01-04 07:57 -------- d-----w- c:\programy\MSECache
2010-01-04 07:54 . 2010-01-04 07:54 -------- d-----w- c:\programy\Common Files\Adobe
2010-01-04 07:52 . 2010-01-04 07:52 -------- d-----w- c:\programy\7-Zip
2010-01-04 07:51 . 2007-10-15 10:16 196608 ----a-w- c:\windows\system32\bzpdf101.dll
2010-01-04 07:51 . 2005-09-08 00:03 86728 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\STORMWARE
2010-01-04 07:51 . 2005-09-08 00:03 1330888 ----a-w- c:\windows\system32\msxml6.dll
2010-01-04 07:51 . 2010-01-04 07:51 -------- d-----w- c:\programy\GPLGS
2009-12-24 10:56 . 2009-12-24 10:56 -------- d-sh--w- c:\dokumenty\Administrator\PrivacIE
2009-12-24 10:52 . 2009-12-24 10:52 -------- d-sh--w- c:\dokumenty\Administrator\IETldCache
2009-12-24 10:38 . 2009-12-24 10:38 -------- d-----w- c:\windows\ie8updates
2009-12-24 10:06 . 2009-12-24 10:34 -------- dc-h--w- c:\windows\ie8
2009-12-24 10:06 . 2009-12-24 10:19 -------- d-----w- c:\windows\system32\cs-CZ
2009-12-24 09:37 . 2009-10-29 07:43 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-24 09:37 . 2009-10-29 07:43 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 09:37 . 2009-10-29 07:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-24 09:36 . 2009-10-29 07:43 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-24 09:36 . 2009-10-29 07:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 09:36 . 2009-10-29 07:43 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-24 09:35 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 22:36 . 2009-12-20 22:36 -------- d-----w- c:\programy\iPod
2009-12-20 22:34 . 2009-12-20 22:39 -------- d-----w- c:\programy\iTunes
2009-12-20 22:27 . 2009-12-20 22:27 -------- d-----w- c:\programy\Bonjour
2009-12-20 22:16 . 2009-12-20 22:23 -------- d-----w- c:\programy\QuickTime
2009-12-20 21:50 . 2009-12-20 21:50 -------- d-----w- c:\programy\Apple Software Update
2009-12-20 19:53 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-20 19:53 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-20 19:53 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-20 19:53 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-17 15:41 . 2009-12-17 15:41 132 ----a-w- c:\windows\system32\fjhdyfhsn.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 09:18 . 2007-12-18 20:42 -------- d-----w- c:\programy\Common Files\PCSuite
2010-01-07 09:01 . 2002-09-23 11:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-01-07 09:01 . 2002-09-23 11:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-01-07 08:42 . 2008-10-29 09:55 -------- d-----w- c:\programy\LimeWire
2010-01-07 08:30 . 2007-12-18 20:42 -------- d-----w- c:\programy\Nokia
2010-01-07 08:20 . 2007-04-19 19:15 -------- d-----w- c:\programy\BearShare Applications
2010-01-04 08:10 . 2008-10-29 10:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-04 08:01 . 2010-01-04 08:01 -------- d-----w- c:\programy\kodeky
2010-01-04 07:49 . 2007-04-14 13:00 -------- d-----w- c:\programy\primopdf
2010-01-04 07:47 . 2009-09-07 12:14 -------- d-----w- c:\programy\Mozilla Thunderbird
2010-01-04 07:47 . 2007-04-14 12:58 -------- d-----w- c:\programy\DivX
2009-12-20 22:35 . 2007-12-18 23:05 -------- d-----w- c:\programy\Common Files\Apple
2009-12-11 18:00 . 2010-01-04 08:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 07:43 . 2006-12-16 16:55 916480 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2006-12-16 . A0A035949444D2984A63B08E05EF5EE1 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AzMixerSel"="c:\programy\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\programy\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
"LManager"="c:\programy\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"NSLauncher"="c:\programy\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]
"QuickTime Task"="c:\programy\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programy\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\programy\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programy\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\programy\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"egui"="c:\programy\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\dokumenty\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
siszyd32.exe [2004-8-17 31744]
c:\dokumenty\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\programy\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\programy\\LimeWire\\LimeWire.exe"=
"c:\\programy\\ICQ6.5\\ICQ.exe"=
"c:\\programy\\ORmanager\\ORmanager.exe"=
"c:\\programy\\Bonjour\\mDNSResponder.exe"=
"c:\\programy\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\programy\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1ca0983e64f85dc;Služba Google Update (gupdate1ca0983e64f85dc);c:\programy\Google\Update\GoogleUpdate.exe [20.7.2009 22:49 133104]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programy\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programy\Google\Update\GoogleUpdate.exe [2009-07-20 21:48]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programy\Google\Update\GoogleUpdate.exe [2009-07-20 21:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\programy\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\programy\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumenty\Administrator\Data aplikací\Mozilla\Firefox\Profiles\0epiv8ua.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\programy\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programy\kodeky\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programy\kodeky\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-PcSync - c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 12:27
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-746137067-1770027372-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,61,09,8f,d2,ca,d6,4f,8a,6c,b2,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3740)
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-01-07 12:36:48
ComboFix-quarantined-files.txt 2010-01-07 11:35
Před spuštěním: Volných bajtů: 82 662 805 504
Po spuštění: Volných bajtů: 82 635 730 944
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3DFC78C79142152233736B5DF369711D
- Ruuzha
- Junior
od miso1999 7. 1. 2010 23:54
Prepáš že tak neskoro.
Stiahni OTM http://oldtimer.geekstogo.com/OTM.exe
Spusť dvojklikom.
Do ľavého okna 'Paste Instructions for Items to be Moved' vkopírujte nasledujúci skript:
:processes
Explorer.EXE
:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://seznam.cz"
"Default_Search_URL"=-
"Search Bar"=-
"Search Page"=-
[HKCU\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=-
:files
C:\Documents and Settings\Dana\Nabídka Start\Programy\Po spuštění\siszyd32.exe
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
:services
JavaQuickStarterService
:commands
[emptytemp]
[reboot]
Potom stlač moveit !
V zelenom okne vpravo by se mal zobraziť log, ten vkopírujte sem do fóra. Ked sa zobrazí hláška k reštartovaniu kliknite na Yes. Po reštarte log nájdete v C:\_OTM\MovedFiles
Stiahni OTM http://oldtimer.geekstogo.com/OTM.exe
Spusť dvojklikom.
Do ľavého okna 'Paste Instructions for Items to be Moved' vkopírujte nasledujúci skript:
:processes
Explorer.EXE
:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://seznam.cz"
"Default_Search_URL"=-
"Search Bar"=-
"Search Page"=-
[HKCU\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=-
:files
C:\Documents and Settings\Dana\Nabídka Start\Programy\Po spuštění\siszyd32.exe
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
:services
JavaQuickStarterService
:commands
[emptytemp]
[reboot]
Potom stlač moveit !
V zelenom okne vpravo by se mal zobraziť log, ten vkopírujte sem do fóra. Ked sa zobrazí hláška k reštartovaniu kliknite na Yes. Po reštarte log nájdete v C:\_OTM\MovedFiles
Naposledy upravil miso1999 dne 7. 1. 2010 23:59, celkově upraveno 1
- miso1999
- Junior
-
od miso1999 7. 1. 2010 23:56
Potom stiahni a spusť MBAM http://fileforum.betanews.com/download/ ... 86760019/1
Daj úplnú kontrolu a daj sem celý log ktorý vyskočí! Nič nemaž !
Daj úplnú kontrolu a daj sem celý log ktorý vyskočí! Nič nemaž !
- miso1999
- Junior
-
od Ruuzha 11. 1. 2010 09:30
Ahoj, takže udělal jsem to co jsi psal a tady jsou logy.
jen pro upřesnění svchost, už nezlobí, teď zabírá nejvíc cmd.exe
OTM:
All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"|"http://seznam.cz" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search not found.
========== FILES ==========
File/Folder C:\Documents and Settings\Dana\Nabídka Start\Programy\Po spuštění\siszyd32.exe not found.
File/Folder C:\WINDOWS\tasks\Google Software Updater.job not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1100201 bytes
->Temporary Internet Files folder emptied: 1277978 bytes
->Java cache emptied: 28702181 bytes
->FireFox cache emptied: 49359393 bytes
->Apple Safari cache emptied: 1112306 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20320650 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 99,00 mb
OTM by OldTimer - Version 3.1.5.0 log created on 01112010_074425
Files moved on Reboot...
Registry entries deleted on Reboot...
MBAM:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
11.1.2010 9:16:52
malware.txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 158391
Uplynulý čas: 27 minute(s), 31 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 6
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\System Volume Information\_restore{8AEFF6E3-41E7-4506-BEE0-0BD3F30337FC}\RP1\A0000045.sys (Malware.Trace) -> No action taken.
C:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\siszyd32.exe (Trojan.Agent) -> No action taken.
C:\dokumenty\Administrator\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\dokumenty\Administrator\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\dokumenty\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\programy\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
jen pro upřesnění svchost, už nezlobí, teď zabírá nejvíc cmd.exe
OTM:
All processes killed
========== PROCESSES ==========
No active process named Explorer.EXE was found!
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"|"http://seznam.cz" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search not found.
========== FILES ==========
File/Folder C:\Documents and Settings\Dana\Nabídka Start\Programy\Po spuštění\siszyd32.exe not found.
File/Folder C:\WINDOWS\tasks\Google Software Updater.job not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1100201 bytes
->Temporary Internet Files folder emptied: 1277978 bytes
->Java cache emptied: 28702181 bytes
->FireFox cache emptied: 49359393 bytes
->Apple Safari cache emptied: 1112306 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20320650 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 99,00 mb
OTM by OldTimer - Version 3.1.5.0 log created on 01112010_074425
Files moved on Reboot...
Registry entries deleted on Reboot...
MBAM:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
11.1.2010 9:16:52
malware.txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 158391
Uplynulý čas: 27 minute(s), 31 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 6
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\System Volume Information\_restore{8AEFF6E3-41E7-4506-BEE0-0BD3F30337FC}\RP1\A0000045.sys (Malware.Trace) -> No action taken.
C:\dokumenty\Administrator\Nabídka Start\Programy\Po spuštění\siszyd32.exe (Trojan.Agent) -> No action taken.
C:\dokumenty\Administrator\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\dokumenty\Administrator\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\dokumenty\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\programy\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.
- Ruuzha
- Junior
Příspěvků: 15 • Stránka 1 z 1
Kdo je online
Uživatelé procházející toto fórum: Žádní registrovaní uživatelé a 0 návštevníků