Windows Vista and svchost.exe (CPU usage ~40%), dcomlaunch :/


(Matteo Net) #1

I'm honestly out of ideas :?

For some time now I've had an svchost.exe file in Task Manager (Windows Vista HP SP2) that eats up about 30-50% of the CPU.

It refers to DCOMLAUNCH...

errmenedzer.png

NOD detects nothing, Outpost raises no alerts, Trojan Remover found nothing, and Spybot says it's clean.

I found nothing in the ComboFix log:

http://www.wklej.org/hash/85755473894/

How can I get rid of this damn thing? HELP! :frowning:


(=Bogdan=) #2

Try doing this...

Control Panel -> Sound, video and game controllers -> right-click ATI HDMI Audio -> disable -> restart the computer.

Let me know whether it helped.


(Matteo Net) #3

Ummmm... those are probably instructions for Windows XP...

And where do I find that in Vista? :wink:

-- Added 04 May 2010, 20:55 --

Phew... as it turned out, the problem was (most likely) in the Bluetooth drivers installed by WU.

Besides that, I also uninstalled Nokia Ovi Suite, because after the first restart (after uninstalling Bluetooth) svchost.exe dropped from 40% CPU usage to 15%, and something prompted me to remove all of Nokia's contraptions (program, drivers).

Nokia PC Suite was pretty good; I don't know why Nokia released junk like Ovi :?

Either way, the problem has been happily resolved :slight_smile: