Prosim kontrulu Vyřešeno

[zubr35]

Dneska se mě seklo PC a když jsem ho zapnul tak tam skočilo že program Deamonu.exe přestal pracovat. Zablokovalo to AVG a až se rozjel tak to hned našlo nějakej trojan. Pokaždé když zapnu PC tak zase program Deamonu.exe nepracuje a pořád to stejné. Kamarádi prosim help :)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:52, on 6.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Athlon\Plocha\Dan\hijackthis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ˙ţ
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF673814-08A8-4902-AEBE-BBD9352686F3}: NameServer = 89.235.6.106,212.80.66.7
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 7706 bytes

[Reklama]

[Damned]

Může to být červ (worm).

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O1 - Hosts: ˙ţ
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
*****************************************************************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti: Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko Konec.
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje a poté kliknutím na OK spusť program
- nech vybranou možnost Rychlá kontrola a klikni na tlačítko Prohledat

Bude-li nalezen problém:
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost Uložit protokol a ulož si log na Plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
- výsledný log mi sem zkopíruj
(zatím nic nemaž!).

Nebude-li nalezen problém:
- Klikni na tlačítko "OK" a sděl mi to

[zubr35]

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.04.06.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Athlon :: ATHLONX2 [administrátor]

6.4.2012 21:33:07
mbam-log-2012-04-06 (21-39-51).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 201496
Uplynulý čas: 4 minut, 8 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\SOFTWARE\XTREMERAT (Malware.Trace) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 1
HKCU\Software\XtremeRAT|Mutex (Malware.Trace) -> Data: 8YMbzGLyKe0XRn -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Damned]

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
*****************************************************************************************************************************************************************************************
Vypni rezidentní štít antiviru.
Stáhni si ComboFix (by sUBs) nebo ComboFix (subs) a ulož si ho na Plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[zubr35]

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.04.06.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Athlon :: ATHLONX2 [administrátor]

7.4.2012 15:20:51
mbam-log-2012-04-07 (15-20-51).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 201472
Uplynulý čas: 4 minut, 33 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\SOFTWARE\XTREMERAT (Malware.Trace) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 1
HKCU\Software\XtremeRAT|Mutex (Malware.Trace) -> Data: 8YMbzGLyKe0XRn -> Umístnění do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[zubr35]

ComboFix 12-04-07.02 - Athlon 07.04.2012 15:31:11.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1314 [GMT 2:00]
Spuštěný z: c:\documents and settings\Athlon\Plocha\Dan\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Athlon\Data aplikací\Microsoft\Windows\8YMbzGLyKe0XRn.dat
c:\windows\InstallDir
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\9dd37e0e12415335.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d4eff0a44cb1517d.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-07 do 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-06 19:31 . 2012-04-06 19:31 -------- d-----w- c:\documents and settings\Athlon\Data aplikací\Malwarebytes
2012-04-06 19:31 . 2012-04-06 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-06 19:31 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 21:09 . 2012-04-04 21:09 -------- d-----w- c:\documents and settings\Athlon\Data aplikací\.wtw
2012-04-04 21:09 . 2012-04-04 21:09 -------- d-----w- c:\documents and settings\Athlon\NabÝdka Start
2012-03-30 16:59 . 2012-03-30 16:59 -------- d-----w- c:\program files\Common Files\Java
2012-03-30 16:58 . 2012-03-30 16:58 -------- d-----w- c:\program files\Oracle
2012-03-30 16:58 . 2012-03-30 16:58 -------- d-----w- c:\documents and settings\Athlon\Data aplikací\Oracle
2012-03-30 16:58 . 2012-01-10 11:57 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-30 16:58 . 2012-01-10 11:57 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-30 13:54 . 2012-04-02 17:02 -------- d-----w- c:\documents and settings\Athlon\Local Settings\Data aplikací\Google
2012-03-25 17:25 . 2012-03-31 10:10 -------- d-----w- c:\documents and settings\Athlon\Data aplikací\.minecraft
2012-03-24 17:54 . 2012-03-24 18:00 -------- d-----w- c:\documents and settings\Athlon\Local Settings\Data aplikací\Abelssoft
2012-03-20 16:41 . 2012-03-20 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AltrixSoft
2012-03-20 16:40 . 2012-03-20 16:53 -------- d-----w- c:\program files\Common Files\AltrixSoft
2012-03-20 15:12 . 2012-03-20 15:12 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:12 . 2012-03-20 15:12 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 15:07 . 2012-03-18 15:07 -------- d-----w- c:\documents and settings\Athlon\Data aplikací\Charles
2012-03-14 19:04 . 2012-03-14 19:04 -------- d-----w- c:\documents and settings\Athlon\Data aplikací\AVG
2012-03-13 15:50 . 2012-03-15 15:09 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 18:58 . 2011-08-09 13:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2010-07-06 19:09 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 18:37 . 2012-02-02 18:37 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-02 18:29 . 2009-10-06 14:01 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-16 17:34 . 2007-06-25 20:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-16 17:34 . 2007-06-25 20:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-11 19:07 . 2012-02-16 13:53 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-10 11:57 . 2010-12-31 18:23 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-09 16:20 . 2010-07-06 19:08 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-20 15:12 . 2011-10-18 18:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-15 982880]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Documents and Settings\\Athlon\\Plocha\\Dan\\Nová složka\\Crack\\WickedPatcher\\WP669.exe"=
"c:\\Documents and Settings\\Athlon\\Plocha\\Dan\\utorrent-portable\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56668:TCP"= 56668:TCP:Pando Media Booster
"56668:UDP"= 56668:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6969:TCP"= 6969:TCP:League of Legends Launcher
"6969:UDP"= 6969:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher
"57847:TCP"= 57847:TCP:Pando Media Booster
"57847:UDP"= 57847:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6975:TCP"= 6975:TCP:League of Legends Launcher
"6975:UDP"= 6975:UDP:League of Legends Launcher
"6890:TCP"= 6890:TCP:League of Legends Launcher
"6890:UDP"= 6890:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6973:TCP"= 6973:TCP:League of Legends Launcher
"6973:UDP"= 6973:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
"6949:TCP"= 6949:TCP:League of Legends Launcher
"6949:UDP"= 6949:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6940:TCP"= 6940:TCP:League of Legends Launcher
"6940:UDP"= 6940:UDP:League of Legends Launcher
"6921:TCP"= 6921:TCP:League of Legends Launcher
"6921:UDP"= 6921:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6983:TCP"= 6983:TCP:League of Legends Launcher
"6983:UDP"= 6983:UDP:League of Legends Launcher
"6997:TCP"= 6997:TCP:League of Legends Launcher
"6997:UDP"= 6997:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [4.2.2008 19:04 5248]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 4:48 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.12.2010 5:12 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 14:19 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 6:09 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [12.3.2012 14:17 918880]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3.8.2010 16:23 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3.8.2010 16:23 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3.8.2010 16:23 16720]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2.2.2012 20:37 242240]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [23.11.2011 3:36 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.10.2011 7:25 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5.5.2011 20:37 2218600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.5.2011 18:46 1691480]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.7.2010 5:33 30944]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17.4.2011 13:13 23456]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [6.7.2010 21:09 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 15:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
Trusted Zone: mojebanka.cz\www
TCP: Interfaces\{FF673814-08A8-4902-AEBE-BBD9352686F3}: NameServer = 89.235.6.106,212.80.66.7
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Athlon\Data aplikací\Mozilla\Firefox\Profiles\9ldgupk0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1d ... &sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 15:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-776561741-839522115-1004\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bc,d9,1c,ba,15,6b,16,93,e0,34,f2,26,27,48,7a,bb,7b,5b,35,6a,27,
7d,b4,b9,52,d3,ee,c8,bf,d0,97,46,53,f9,96,a2,cc,14,fa,82,a8,73,c2,18,a3,17,\
"rkeysecu"=hex:94,b8,10,b1,01,e7,69,33,12,2e,60,2e,c4,6d,e1,29
.
Celkový čas: 2012-04-07 15:38:29
ComboFix-quarantined-files.txt 2012-04-07 13:38
.
Před spuštěním: Volných bajtů: 315 100 381 184
Po spuštění: Volných bajtů: 315 072 737 280
.
- - End Of File - - EEBD256097969A91AA5890B25B95B20D

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[zubr35]

Když zapnu PC tak tam zase skoči to jak mam v prvnim topiku... A nejde tak 5 min net něž všechno najede.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:12, on 7.4.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Athlon\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Athlon\Plocha\Dan\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF673814-08A8-4902-AEBE-BBD9352686F3}: NameServer = 89.235.6.106,212.80.66.7
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

--
End of file - 6291 bytes

[memphisto]

Daemonu.exe je součást ovladačů grafiky. Updater. Pravděpodobně falešný poplach. Zkus přeinstalovat ovladače ke grafice

[Damned]

Aktualizační služba k NVIDIA. Vypni to ve Službách a soubor:

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe zkontroluj na [uhttp://www.virustotal.com]Virustotalu[/u]. Pokud ti VT nabídne, že soubor už kontroloval, nechej zkontrolovat svůj soubor znova. Vlož mi sem pak odkaz na výsledek testu.