CPU at 100% utilization, services.exe

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


CPU at 100% utilization, services.exe

Post by Kaczula » 05 Sep 2009 16:08

Please check my log; the services.exe service is taking over 80% of my CPU.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:28, on 5.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Kacula\Plocha\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Kacula\mvj.exe \s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
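As an added triage example (not code from this thread or from the tools it names), the following Python reads HijackThis and ComboFix autostart lines like those above and flags the two things a log reviewer checks first: a UserInit value that launches anything besides userinit.exe (the F2 line), and services, drivers or autoruns started from a user profile or Temp directory (the lredbooo.sys driver in the ComboFix log further down). The sample lines are copied from the logs posted in this thread; the two rules are a baseline heuristic, not a verdict.

```python
"""Triage HijackThis / ComboFix autostart lines for entries launched from
user-writable locations.  Added example for this thread; the two rules are
a baseline heuristic, not a malware verdict."""
import re
from typing import List, NamedTuple, Optional

# Legitimate services, drivers and logon hooks are almost never started from a
# user profile or a Temp directory; a hit there deserves a closer look.
USER_WRITABLE = re.compile(
    r"\\(?:Documents and Settings|Users)\\[^\\]+\\|\\Temp\\|\\LOCALS~1\\",
    re.IGNORECASE,
)
# HijackThis entries look like "O4 - HKLM\..\Run: ..."; ComboFix driver lines
# like "S3 name;desc;path" omit the dash, so it is optional here.
ENTRY = re.compile(r"^([RFSO]\d+)\s+(?:-\s+)?(.*)$")


class Finding(NamedTuple):
    kind: str      # entry type, e.g. "F2" or "S3"
    reason: str
    line: str


def path_at(body: str, pos: int) -> str:
    """Return the drive-letter path containing offset `pos`, without the
    trailing annotations the tools append ("[size]", "(User ...)", "--> ...")."""
    start = body.rfind(":\\", 0, pos) - 1
    tail = body[max(start, 0):]
    for stop in (" [", " (User", " -->", ","):
        tail = tail.split(stop, 1)[0]
    return tail.strip()


def triage_line(line: str) -> Optional[Finding]:
    """Apply the two checks to one log line; None means nothing stood out."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    # Rule 1: UserInit should launch only userinit.exe; anything appended after
    # the comma runs at every logon, before the shell starts.
    if kind == "F2" and "UserInit=" in body:
        progs = body.split("UserInit=", 1)[1].split(",")
        extra = [p.strip() for p in progs if p.strip() and "userinit.exe" not in p.lower()]
        if extra:
            return Finding(kind, "UserInit launches extra program(s): " + "; ".join(extra), line)
    # Rule 2: any autostart, BHO, service or driver living in a user-writable path.
    hit = USER_WRITABLE.search(body)
    if hit:
        return Finding(kind, "started from user-writable location: " + path_at(body, hit.start()), line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Sample input: four lines copied from the logs posted in this thread
# (a clean O4 autorun, the F2 UserInit line, a ComboFix driver entry, a service).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Kacula\mvj.exe \s
S3 lredbooo;lredbooo;\??\c:\docume~1\Kacula\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Kacula\LOCALS~1\Temp\lredbooo.sys [?]
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}")
```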


Re: CPU at 100% utilization, services.exe

Post by pitimir » 05 Sep 2009 16:10

Hi. Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident shields of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Warning: Until ComboFix creates the log, do not click or press anything!!
I don't like amateurism...

And the addressee of the message knows it :)


Re: CPU at 100% utilization, services.exe

Post by Kaczula » 05 Sep 2009 16:57

ComboFix 09-09-04.02 - Kacula 05.09.2009 16:33.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.615 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kacula\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\windows\Installer\1aa6ad7.msi
c:\windows\Installer\3830f6.msi
c:\windows\Installer\3b6ce.msp
c:\windows\Installer\3b6cf.msp
c:\windows\system32\ieuinit.inf
c:\windows\system32\kr_done1
c:\windows\system32\oem0.inf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gaopdxserv.sys
-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-05 do 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-08-31 20:20 . 2009-08-31 20:21 -------- d-----w- c:\program files\PapíííClock
2009-08-28 13:19 . 2009-08-28 19:10 -------- d-----w- c:\program files\Active Desktop Calendar
2009-08-27 20:29 . 2009-08-27 20:29 -------- d-----w- c:\program files\Yahoo!
2009-08-23 15:59 . 2009-08-23 16:00 -------- d-----w- c:\program files\Defraggler
2009-08-22 15:41 . 2009-08-22 15:42 -------- d-----w- c:\program files\Speeditup Free
2009-08-22 15:41 . 2009-08-22 15:41 -------- d-----w- c:\windows\Speeditup Free
2009-08-18 08:28 . 2009-08-18 08:28 -------- d-----w- c:\program files\IconDeveloper
2009-08-16 07:38 . 2009-08-16 07:38 -------- d-----w- C:\fcfac9e65ebf366e3ee7d5ba72
2009-08-15 21:20 . 2009-08-15 21:20 -------- d-----w- c:\program files\Stardock
2009-08-15 21:20 . 2009-08-15 21:20 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-10 17:09 . 2009-08-10 17:09 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-07 17:47 . 2009-08-07 17:47 -------- d-----w- c:\program files\Magic Photo Editor
2009-08-07 16:08 . 2009-08-07 16:08 -------- d-sh--r- C:\sys
2009-08-07 14:35 . 2001-08-17 19:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-08-07 14:35 . 2001-08-17 19:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-08-06 16:10 . 2009-08-06 16:11 -------- d-----w- c:\program files\mp3DirectCut

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 14:22 . 2008-04-14 12:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2009-09-05 14:22 . 2008-04-14 12:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2009-09-05 13:08 . 2009-01-23 11:15 -------- d-----w- c:\program files\Spyware Terminator
2009-09-05 07:54 . 2009-03-30 14:15 -------- d-----w- c:\program files\Fillets
2009-09-01 07:31 . 2009-04-28 16:14 -------- d-----w- c:\program files\World of Warcraft
2009-08-23 09:49 . 2009-02-02 12:53 -------- d-----w- c:\program files\BitComet
2009-08-18 09:38 . 2009-05-18 06:33 -------- d-----w- c:\program files\Sjboy Emulator
2009-08-15 21:22 . 2008-11-30 19:33 -------- d-----w- c:\program files\The KMPlayer
2009-08-14 10:17 . 2009-07-14 06:54 -------- d-----w- c:\program files\Warcraft III
2009-08-05 17:21 . 2009-08-05 17:21 -------- d-----w- c:\program files\Ashampoo
2009-08-05 17:16 . 2009-06-21 17:47 -------- d-----w- c:\program files\Common Files\Nero
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 12:02 . 2009-07-27 12:02 65536 ----a-w- c:\windows\IFinst27.exe
2009-07-24 06:08 . 2009-01-23 10:56 -------- d-----w- c:\program files\ESET
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 07:05 . 2009-07-14 06:58 21910 ----a-w- c:\windows\War3Unin.dat
2009-07-14 06:58 . 2009-07-14 06:58 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-14 06:58 . 2009-07-14 06:58 126976 ----a-w- c:\windows\War3Unin.exe
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:51 . 2008-04-14 12:00 667648 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:51 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2008-11-06 19:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"CursorFX"="c:\program files\CursorFX\CursorFX.exe" [2008-02-19 418632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 137752]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"KMCONFIG"="c:\program files\Silvercrest NM1005 driver\StartAutorun.exe" [2007-03-06 212992]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-23 949376]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-23 2267136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2008-12-15 13:06 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\EverStep\\Program\\EverStep.exe"=
"c:\\Program Files\\Crawler\\Toolbar\\CToolbar.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21983:TCP"= 21983:TCP:BitComet 21983 TCP
"21983:UDP"= 21983:UDP:BitComet 21983 UDP
"15095:TCP"= 15095:TCP:BitComet 15095 TCP
"15095:UDP"= 15095:UDP:BitComet 15095 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [23.1.2009 13:04 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.1.2009 13:15 142592]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest NM1005 driver\KMWDSrv.exe [16.6.2007 10:30 208896]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6.11.2008 22:00 193840]
S3 lredbooo;lredbooo;\??\c:\docume~1\Kacula\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Kacula\LOCALS~1\Temp\lredbooo.sys [?]
S3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [3.5.2009 10:42 458112]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-09-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 13:13]
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: DiaryOne: Save full text - c:\program files\DiaryOne\Script\fullcatcher.htm
IE: DiaryOne: Save selected text - c:\program files\DiaryOne\Script\catcher.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
FF - ProfilePath - c:\documents and settings\Kacula\Data aplikací\Mozilla\Firefox\Profiles\hw9355q0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Kacula\Data aplikací\Mozilla\Firefox\Profiles\hw9355q0.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 18
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 16:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-1897051121-1417001333-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\program files\Stardock\MyColors\fastload.dll

- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3024)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Silvercrest NM1005 driver\KMCONFIG.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Silvercrest NM1005 driver\KMProcess.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2009-09-05 16:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-05 14:50

Před spuštěním: Volných bajtů: 25 794 027 520
Po spuštění: Volných bajtů: 25 726 242 816

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=2A0SAQ /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=2A0SAQ-BAK

234 --- E O F --- 2009-09-04 18:00


Re: CPU at 100% utilization, services.exe

Post by Kaczula » 05 Sep 2009 17:04

It works now!! Thank you so much for your help, I was quite shaken by it.


Re: CPU at 100% utilization, services.exe

Post by pitimir » 05 Sep 2009 18:28

We're not finished yet :)

1) Download DDS. Save it to the desktop, close all running programs and run it. When the scan finishes, the results will open in 2 windows, DDS.txt and Attach.txt. I'd like to see the contents of both.


2) Test the file(s) on VIRUSTOTAL:


c:\windows\IFinst27.exe

If it says the file has already been analysed, have it analysed again. Send the result as a LINK.

