Prosim o kontrolu logu, na notesu obcas zcela nahodne BSOD

bluu · Příspěvekod **bluu** » 17 črc 2012 09:35

[url=]httpswww.virustotal.comfile1d9d3c213e1c7650ed3827e39303994fbf0decbb51002e63e7f801340d11e87danalysis1342472170[url]

ComboFix 12-07-16.01 - majmo 17.07.2012 9:17:53.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2230 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\majmo\Plocha\Downloads\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\majmo\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

((((((((((((((((((((((((( Soubory vytvořené od 2012-06-17 do 2012-07-17 )))))))))))))))))))))))))))))))

2012-07-16 15:18:18 . 2012-07-16 15:18:18 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\Avira
2012-07-16 15:12:43 . 2012-04-27 08:20:04 137928 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2012-07-16 15:12:43 . 2012-04-24 22:32:27 83392 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-07-16 15:12:43 . 2012-04-16 19:18:01 36000 ----a-w- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-07-16 15:12:42 . 2012-07-16 15:12:42 -------- d-----w- C:\Program Files\Avira
2012-07-16 15:12:42 . 2012-07-16 15:12:42 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Avira
2012-07-14 15:43:05 . 2012-07-14 15:43:11 -------- d-----w- C:\Program Files\CrystalDiskInfo
2012-07-14 15:36:06 . 2012-07-14 15:39:36 -------- d-----w- C:\Program Files\WhoCrashed
2012-07-14 15:26:28 . 2012-07-14 15:26:31 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-14 15:26:28 . 2012-07-03 11:46:44 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-07-14 11:52:55 . 2012-07-14 11:52:55 388096 ----a-r- C:\Documents and Settings\majmo\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-14 11:52:55 . 2012-07-14 11:52:55 -------- d-----w- C:\Program Files\Trend Micro
2012-07-12 10:17:04 . 2012-07-12 10:17:04 967 ----a-w- C:\WINDOWS\ScUnin.pif
2012-07-12 10:17:04 . 2012-07-12 10:17:04 68096 ----a-w- C:\WINDOWS\ScUnin.exe
2012-07-11 10:13:49 . 2012-07-11 10:13:49 -------- d-----w- C:\Program Files\LG Electronics
2012-07-11 10:13:49 . 2012-03-02 14:02:00 25728 ----a-w- C:\WINDOWS\system32\drivers\lgandadb.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 25088 ----a-w- C:\WINDOWS\system32\drivers\lgandmodem.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 20736 ----a-w- C:\WINDOWS\system32\drivers\lganddiag.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 20096 ----a-w- C:\WINDOWS\system32\drivers\lgandgps.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 14336 ----a-w- C:\WINDOWS\system32\drivers\lgandbus.sys
2012-07-02 06:07:27 . 2012-07-14 11:50:49 -------- d-----w- C:\zaloha 2 gb
2012-06-30 21:43:08 . 2012-07-12 07:25:24 70344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-06-30 21:43:08 . 2012-07-12 07:25:24 426184 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-27 16:33:37 . 2012-06-27 16:33:37 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\.minecraft_xray
2012-06-23 07:30:29 . 2012-07-12 07:25:21 9822920 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-11 15:02:22 . 2011-04-18 14:37:10 6544 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2012-06-13 13:55:23 . 2008-04-14 12:00:00 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-06-08 10:22:40 . 2012-06-08 10:22:40 175104 ----a-w- C:\WINDOWS\system32\msiovq32.dll
2012-06-05 15:49:58 . 2008-04-14 12:00:00 1372672 ----a-w- C:\WINDOWS\system32\msxml6.dll
2012-06-05 15:49:57 . 2008-04-14 12:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2012-06-04 04:32:38 . 2008-04-14 12:00:00 152576 ----a-w- C:\WINDOWS\system32\schannel.dll
2012-06-02 13:19:46 . 2008-10-16 12:07:46 15384 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 13:19:44 . 2008-10-16 12:08:56 22552 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 13:19:38 . 2009-09-19 19:23:59 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 13:19:38 . 2009-09-19 19:23:58 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 13:19:38 . 2009-09-19 19:23:58 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 13:19:34 . 2009-09-19 19:23:58 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 13:19:34 . 2009-09-19 19:23:58 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 13:19:34 . 2008-10-16 12:09:44 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 13:19:34 . 2008-10-16 12:07:48 15384 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 13:19:34 . 2008-10-16 12:07:14 18456 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 13:19:34 . 2008-04-14 12:00:00 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 13:19:24 . 2009-09-19 19:23:58 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 13:19:18 . 2009-09-19 19:23:58 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-05-31 13:22:06 . 2008-04-14 12:00:00 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2012-05-16 07:59:11 . 2008-04-14 12:00:00 668160 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-05-05 03:14:53 . 2008-04-14 12:00:00 2150400 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2012-05-05 03:14:53 . 2008-04-14 06:06:44 2028544 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-05-02 13:46:39 . 2009-09-19 19:21:55 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-04-20 19:30:25 . 2008-04-14 12:00:00 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2012-04-20 19:30:25 . 2008-04-14 12:00:00 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx
2012-04-20 19:28:54 . 2008-04-14 12:00:00 370176 ----a-w- C:\WINDOWS\system32\html.iec
2012-06-18 04:46:08 . 2011-03-24 21:12:21 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-09-16 17:38:14 . AE54240559D3E4F5D6D1AA661FA71247 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((( SnapShot@2012-07-16_14.41.01 )))))))))))))))))))))))))))))))))))))))))

+ 2012-07-16 14:44:00 . 2012-07-16 14:44:00 16384 C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 51024 C:\WINDOWS\system32\vcomp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 81744 C:\WINDOWS\system32\mfcm100u.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 81744 C:\WINDOWS\system32\mfcm100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 60752 C:\WINDOWS\system32\mfc100rus.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 43344 C:\WINDOWS\system32\mfc100kor.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 43856 C:\WINDOWS\system32\mfc100jpn.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 62288 C:\WINDOWS\system32\mfc100ita.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 36176 C:\WINDOWS\system32\mfc100cht.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 36176 C:\WINDOWS\system32\mfc100chs.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 64336 C:\WINDOWS\system32\mfc100fra.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 63824 C:\WINDOWS\system32\mfc100esn.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 55120 C:\WINDOWS\system32\mfc100enu.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 64336 C:\WINDOWS\system32\mfc100deu.dll
+ 2012-07-16 15:12:45 . 2010-06-17 13:14:27 28520 C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2011-02-18 22:40:50 . 2011-02-18 22:40:50 773968 C:\WINDOWS\system32\msvcr100.dll
- 2010-03-18 07:15:26 . 2010-03-18 07:15:26 421200 C:\WINDOWS\system32\msvcp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 421200 C:\WINDOWS\system32\msvcp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 138056 C:\WINDOWS\system32\atl100.dll
+ 2012-07-16 15:11:25 . 2012-07-16 15:11:25 160768 C:\WINDOWS\Installer\19b45b.msi
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 4422992 C:\WINDOWS\system32\mfc100u.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 4397384 C:\WINDOWS\system32\mfc100.dll

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 14:06:06 1840424]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 09:20:12 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 05:22:10 1368064]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 04:40:52 1202448]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 06:31:00 16857600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 05:32:00 89541]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 19:32:14 12669544]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 19:32:14 110184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 07:55:10 55824]

Reklama

bluu · Příspěvekod **bluu** » 17 črc 2012 09:38

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:37:21, on 17.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\DDHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10282 bytes

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 09:36:00
-----------------------------
09:36:00.468 OS Version: Windows 5.1.2600 Service Pack 3
09:36:00.468 Number of processors: 2 586 0xF0D
09:36:00.468 ComputerName: MSI UserName:
09:36:01.093 Initialize success
09:36:04.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:36:04.968 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
09:36:04.984 Disk 0 MBR read successfully
09:36:04.984 Disk 0 MBR scan
09:36:04.984 Disk 0 Windows XP default MBR code
09:36:04.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
09:36:04.984 Disk 0 Partition - 00 0F Extended LBA 158461 MB offset 163846935
09:36:05.000 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 163846998
09:36:05.000 Disk 0 Partition - 00 05 Extended 14001 MB offset 368643555
09:36:05.015 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14001 MB offset 368643618
09:36:05.015 Disk 0 Partition - 00 05 Extended 44461 MB offset 602116200
09:36:05.031 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 44461 MB offset 397319643
09:36:05.046 Disk 0 scanning sectors +488376000
09:36:05.125 Disk 0 scanning C:\WINDOWS\system32\drivers
09:36:14.625 Service scanning
09:36:23.437 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
09:36:26.328 Modules scanning
09:36:34.640 Disk 0 trace - called modules:
09:36:34.671 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spmw.sys hal.dll >>UNKNOWN [0x8b223938]<<
09:36:34.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1d7030]
09:36:34.671 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8b1df028]
09:36:34.687 Scan finished successfully
09:36:45.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\majmo\Plocha\MBR.dat"
09:36:45.468 The log file has been saved successfully to "C:\Documents and Settings\majmo\Plocha\aswMBR.txt"

Příspěvekod **jaro3** » 17 črc 2012 10:41

Virustotal neodkazuje , je tam nějaká nákaza?

Log z Combofixu není celý.

bluu · Příspěvekod **bluu** » 17 črc 2012 15:54

ComboFix 12-07-16.01 - majmo 17.07.2012 15:42:27.11.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2657 [GMT 2:00]
Spuštěný z: c:\documents and settings\majmo\Plocha\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\majmo\Plocha\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-17 do 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-16 15:18 . 2012-07-16 15:18 -------- d-----w- c:\documents and settings\majmo\Data aplikací\Avira
2012-07-16 15:12 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-16 15:12 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-16 15:12 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-16 15:12 . 2012-07-16 15:12 -------- d-----w- c:\program files\Avira
2012-07-16 15:12 . 2012-07-16 15:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-07-14 15:43 . 2012-07-14 15:43 -------- d-----w- c:\program files\CrystalDiskInfo
2012-07-14 15:36 . 2012-07-14 15:39 -------- d-----w- c:\program files\WhoCrashed
2012-07-14 15:26 . 2012-07-14 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 15:26 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 11:52 . 2012-07-14 11:52 388096 ----a-r- c:\documents and settings\majmo\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-14 11:52 . 2012-07-14 11:52 -------- d-----w- c:\program files\Trend Micro
2012-07-12 10:17 . 2012-07-12 10:17 967 ----a-w- c:\windows\ScUnin.pif
2012-07-12 10:17 . 2012-07-12 10:17 68096 ----a-w- c:\windows\ScUnin.exe
2012-07-11 10:13 . 2012-07-11 10:13 -------- d-----w- c:\program files\LG Electronics
2012-07-11 10:13 . 2012-03-02 14:02 25728 ----a-w- c:\windows\system32\drivers\lgandadb.sys
2012-07-11 10:13 . 2012-03-02 14:02 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2012-07-11 10:13 . 2012-03-02 14:02 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2012-07-11 10:13 . 2012-03-02 14:02 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2012-07-11 10:13 . 2012-03-02 14:02 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2012-07-02 06:07 . 2012-07-14 11:50 -------- d-----w- C:\zaloha 2 gb
2012-06-30 21:43 . 2012-07-12 07:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-30 21:43 . 2012-07-12 07:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 16:33 . 2012-06-27 16:33 -------- d-----w- c:\documents and settings\majmo\Data aplikací\.minecraft_xray
2012-06-23 07:30 . 2012-07-12 07:25 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 15:02 . 2011-04-18 14:37 6544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-13 13:55 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 10:22 . 2012-06-08 10:22 175104 ----a-w- c:\windows\system32\msiovq32.dll
2012-06-05 15:49 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-10-16 12:08 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-19 19:23 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-19 19:23 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-19 19:23 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-09-19 19:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-19 19:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 12:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 12:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 12:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-09-19 19:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-19 19:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:59 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-05 03:14 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 06:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-09-19 19:21 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 19:30 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-04-20 19:30 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-04-20 19:28 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2012-06-18 04:46 . 2011-03-24 21:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-09-16 . AE54240559D3E4F5D6D1AA661FA71247 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-16_14.41.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\system32\vcomp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\system32\mfcm100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\system32\mfc100rus.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\system32\mfc100kor.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\system32\mfc100ita.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100cht.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\system32\mfc100chs.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100fra.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\system32\mfc100esn.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\system32\mfc100enu.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\system32\mfc100deu.dll
+ 2012-07-16 15:12 . 2010-06-17 13:14 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\system32\msvcp100.dll
- 2010-03-18 07:15 . 2010-03-18 07:15 421200 c:\windows\system32\msvcp100.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\system32\atl100.dll
+ 2012-07-16 15:11 . 2012-07-16 15:11 160768 c:\windows\Installer\19b45b.msi
+ 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\system32\mfc100u.dll
+ 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\system32\mfc100.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 1202448]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-11-21 180224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"NoHotStart"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Vypress Chat StartUp.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Vypress Chat StartUp.lnk
backup=c:\windows\pss\Vypress Chat StartUp.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^majmo^Nabídka Start^Programy^Po spuštění^twhirl.lnk]
path=c:\documents and settings\majmo\Nabídka Start\Programy\Po spuštění\twhirl.lnk
backup=c:\windows\pss\twhirl.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-16 07:41 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\documents and settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37 32768 ----a-w- c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34 172032 ----a-w- c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-03 09:30 1242448 ----a-w- c:\games\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Vypress Chat\\VyChat.exe"=
"d:\\WPMP150\\miranda32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Games\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Games\\Steam\\steamapps\\_majmo\\opposing force\\hl.exe"=
"c:\\Games\\Steam\\steamapps\\common\\grand theft auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Games\\Steam\\steamapps\\common\\grand theft auto 3\\gta3.exe"=
"c:\\Games\\Steam\\steamapps\\common\\grand theft auto 2\\gta2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Garage\\Mouse without Borders\\MouseWithoutBorders.exe"=
"c:\\Games\\Steam\\steamapps\\common\\magic the gathering tactics\\LaunchPad.exe"=
"c:\\Games\\Steam\\steamapps\\_majmo\\counter-strike\\hl.exe"=
"c:\\Games\\Steam\\steamapps\\_majmo\\source sdk base 2007\\hl2.exe"=
"c:\\Games\\Steam\\steamapps\\_majmo\\half-life\\hl.exe"=
"c:\\Games\\Steam\\steamapps\\common\\realm of the mad god\\Realm of the Mad God.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47624:TCP"= 47624:TCP:gta port
"47624:UDP"= 47624:UDP:gta port 2
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.9.2009 11:18 722416]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.2.2011 17:06 218688]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4.10.2009 11:07 270888]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [20.9.2009 10:42 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.9.2009 10:42 43736]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.7.2012 17:12 36000]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 04:54 66600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [23.11.2009 18:52 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [23.11.2009 18:48 91440]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.7.2012 17:12 86224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [15.6.2011 16:53 233472]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25.6.2010 11:36 10384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14.7.2012 17:26 655944]
S2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [19.9.2011 16:56 17920]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [16.11.2010 19:57 40960]
S2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [20.9.2009 10:42 5632]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [8.6.2012 09:52 578264]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 07:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 07:24 1365288]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.6.2012 23:43 250056]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [10.2.2007 02:04 14336]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [11.7.2012 12:13 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [11.7.2012 12:13 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [11.7.2012 12:13 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [11.7.2012 12:13 25088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [11.7.2012 12:13 25728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [15.6.2011 16:53 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9.1.2010 11:02 13352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14.7.2012 17:26 22344]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [16.11.2010 19:57 9088]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3.5.2012 15:49 113120]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4.10.2009 11:07 65576]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [23.11.2009 18:51 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [19.12.2011 15:11 116016]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - LBEEPKE
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 07:25]
.
.
------- Doplňkový sken -------
.
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\majmo\Data aplikací\Mozilla\Firefox\Profiles\w5k2or00.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_ ... e=1&cc=&q=
FF - user.js: extensions.softonic_i.id - f450c33a000000000000002185db789a
FF - user.js: extensions.softonic_i.instlDay - 15363
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.516:12
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
FF - user.js: extensions.softonic_i.instlRef - MON00005
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 15:48
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(272)
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(928)
c:\windows\system32\msi.dll
.
Celkový čas: 2012-07-17 15:49:47
ComboFix-quarantined-files.txt 2012-07-17 13:49
.
Před spuštěním: Volných bajtů: 13 246 918 656
Po spuštění: Volných bajtů: 13 221 896 192
.
- - End Of File - - 0DB981BEF8B12E00C9BEF3A7DAD8C92C

Teď by to mělo být celé, Virustotal nic nenašel.

Příspěvekod **jaro3** » 17 črc 2012 22:59

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\msiovq32.dll
c:\windows\Installer\19b45b.msi

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

bluu · Příspěvekod **bluu** » 17 črc 2012 23:14

msiovq32.dll se nechce uploadnout ani na jeden ze serverů, vždy jen písknout reproduktory. ten druhý jsem vůbec nenašel :/

EDIT: zapnuté všechna zobrazování jsem měl

Příspěvekod **jaro3** » 18 črc 2012 00:08

msiovq32.dll nejspíše:
BACKDOOR/TDSS

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
Collect::
c:\windows\system32\msiovq32.dll

File::
c:\windows\system32\PerfStringBackup.TMP

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~ *]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

bluu · Příspěvekod **bluu** » 20 črc 2012 13:32

Combofix vždy v závěru scanu vyvolal BSOD, nicméně, tady je scan:

ComboFix 12-07-16.01 - majmo 20.07.2012 13:14:48.13.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2659 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\majmo\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\majmo\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\windows\system32\PerfStringBackup.TMP"

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

---- Předchozí spuštění -------

C:\WINDOWS\system32\msiovq32.dll
c:\windows\system32\PerfStringBackup.TMP

-- Předchozí spuštění --

Nakažená kopie C:\WINDOWS\system32\samsrv.dll byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{1B55DE49-3831-42ED-8A0B-4F3CACDBE394}\RP6\A0003641.dll

--------

((((((((((((((((((((((((( Soubory vytvořené od 2012-06-20 do 2012-07-20 )))))))))))))))))))))))))))))))

2012-07-19 09:52:19 . 2012-07-19 09:54:23 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\FreeCAD
2012-07-19 09:51:31 . 2012-07-19 09:51:31 -------- d-----w- C:\Program Files\FreeCAD0.12
2012-07-19 08:54:18 . 2012-07-19 08:54:18 -------- d-----w- C:\Program Files\Google
2012-07-18 10:59:30 . 2012-07-18 10:59:31 -------- d-----w- C:\Program Files\DVD Shrink
2012-07-18 10:51:15 . 2012-07-18 11:14:09 -------- d-----w- C:\Program Files\Chopper XP
2012-07-16 15:18:18 . 2012-07-16 15:18:18 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\Avira
2012-07-16 15:12:43 . 2012-04-27 08:20:04 137928 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2012-07-16 15:12:43 . 2012-04-24 22:32:27 83392 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2012-07-16 15:12:43 . 2012-04-16 19:18:01 36000 ----a-w- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-07-16 15:12:42 . 2012-07-16 15:12:42 -------- d-----w- C:\Program Files\Avira
2012-07-16 15:12:42 . 2012-07-16 15:12:42 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Avira
2012-07-14 15:43:05 . 2012-07-14 15:43:11 -------- d-----w- C:\Program Files\CrystalDiskInfo
2012-07-14 15:36:06 . 2012-07-14 15:39:36 -------- d-----w- C:\Program Files\WhoCrashed
2012-07-14 15:26:28 . 2012-07-14 15:26:31 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-14 15:26:28 . 2012-07-03 11:46:44 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-07-14 11:52:55 . 2012-07-14 11:52:55 388096 ----a-r- C:\Documents and Settings\majmo\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-14 11:52:55 . 2012-07-14 11:52:55 -------- d-----w- C:\Program Files\Trend Micro
2012-07-12 10:17:04 . 2012-07-12 10:17:04 967 ----a-w- C:\WINDOWS\ScUnin.pif
2012-07-12 10:17:04 . 2012-07-12 10:17:04 68096 ----a-w- C:\WINDOWS\ScUnin.exe
2012-07-11 10:13:49 . 2012-07-11 10:13:49 -------- d-----w- C:\Program Files\LG Electronics
2012-07-11 10:13:49 . 2012-03-02 14:02:00 25728 ----a-w- C:\WINDOWS\system32\drivers\lgandadb.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 25088 ----a-w- C:\WINDOWS\system32\drivers\lgandmodem.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 20736 ----a-w- C:\WINDOWS\system32\drivers\lganddiag.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 20096 ----a-w- C:\WINDOWS\system32\drivers\lgandgps.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 14336 ----a-w- C:\WINDOWS\system32\drivers\lgandbus.sys
2012-07-02 06:07:27 . 2012-07-14 11:50:49 -------- d-----w- C:\zaloha 2 gb
2012-06-30 21:43:08 . 2012-07-12 07:25:24 70344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-06-30 21:43:08 . 2012-07-12 07:25:24 426184 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-27 16:33:37 . 2012-06-27 16:33:37 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\.minecraft_xray
2012-06-23 07:30:29 . 2012-07-12 07:25:21 9822920 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-13 13:55:23 . 2008-04-14 12:00:00 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-06-05 15:49:58 . 2008-04-14 12:00:00 1372672 ----a-w- C:\WINDOWS\system32\msxml6.dll
2012-06-05 15:49:57 . 2008-04-14 12:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2012-06-04 04:32:38 . 2008-04-14 12:00:00 152576 ----a-w- C:\WINDOWS\system32\schannel.dll
2012-06-02 13:19:46 . 2008-10-16 12:07:46 15384 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 13:19:44 . 2008-10-16 12:08:56 22552 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 13:19:38 . 2009-09-19 19:23:59 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 13:19:38 . 2009-09-19 19:23:58 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 13:19:38 . 2009-09-19 19:23:58 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 13:19:34 . 2009-09-19 19:23:58 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 13:19:34 . 2009-09-19 19:23:58 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 13:19:34 . 2008-10-16 12:09:44 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 13:19:34 . 2008-10-16 12:07:48 15384 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 13:19:34 . 2008-10-16 12:07:14 18456 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 13:19:34 . 2008-04-14 12:00:00 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 13:19:24 . 2009-09-19 19:23:58 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 13:19:18 . 2009-09-19 19:23:58 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-05-31 13:22:06 . 2008-04-14 12:00:00 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2012-05-16 07:59:11 . 2008-04-14 12:00:00 668160 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-05-05 03:14:53 . 2008-04-14 12:00:00 2150400 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2012-05-05 03:14:53 . 2008-04-14 06:06:44 2028544 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-05-02 13:46:39 . 2009-09-19 19:21:55 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-06-18 04:46:08 . 2011-03-24 21:12:21 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-09-16 17:38:14 . AE54240559D3E4F5D6D1AA661FA71247 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((( SnapShot@2012-07-16_14.41.01 )))))))))))))))))))))))))))))))))))))))))

+ 2011-05-13 23:06:18 . 2011-05-13 23:06:18 57856 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-13 23:23:14 . 2011-05-13 23:23:14 69632 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 16:37:56 . 2011-05-13 16:37:56 97280 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-07-20 11:22:18 . 2012-07-20 11:22:18 16384 C:\WINDOWS\temp\Perflib_Perfdata_30c.dat
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 51024 C:\WINDOWS\system32\vcomp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 81744 C:\WINDOWS\system32\mfcm100u.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 81744 C:\WINDOWS\system32\mfcm100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 60752 C:\WINDOWS\system32\mfc100rus.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 43344 C:\WINDOWS\system32\mfc100kor.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 43856 C:\WINDOWS\system32\mfc100jpn.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 62288 C:\WINDOWS\system32\mfc100ita.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 36176 C:\WINDOWS\system32\mfc100cht.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 36176 C:\WINDOWS\system32\mfc100chs.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 64336 C:\WINDOWS\system32\mfc100fra.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 63824 C:\WINDOWS\system32\mfc100esn.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 55120 C:\WINDOWS\system32\mfc100enu.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 64336 C:\WINDOWS\system32\mfc100deu.dll
+ 2012-07-16 15:12:45 . 2010-06-17 13:14:27 28520 C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2012-07-19 09:51:40 . 2012-07-19 09:51:40 18944 C:\WINDOWS\Installer\{81ABC4A0-DE63-11DE-8A39-0800200C9A66}\FreeCADCMDIcon.exe
+ 2009-07-11 22:02:02 . 2009-07-11 22:02:02 653120 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02:00 . 2009-07-11 22:02:00 569664 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05:16 . 2009-07-11 22:05:16 225280 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-05-13 23:17:40 . 2011-05-13 23:17:40 632656 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-13 23:12:34 . 2011-05-13 23:12:34 554832 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-13 23:11:32 . 2011-05-13 23:11:32 479232 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2011-02-18 22:40:50 . 2011-02-18 22:40:50 773968 C:\WINDOWS\system32\msvcr100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 421200 C:\WINDOWS\system32\msvcp100.dll
- 2010-03-18 07:15:26 . 2010-03-18 07:15:26 421200 C:\WINDOWS\system32\msvcp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 138056 C:\WINDOWS\system32\atl100.dll
+ 2012-07-16 15:11:25 . 2012-07-16 15:11:25 160768 C:\WINDOWS\Installer\19b45b.msi
+ 2012-07-19 09:51:40 . 2012-07-19 09:51:40 125952 C:\WINDOWS\Installer\{81ABC4A0-DE63-11DE-8A39-0800200C9A66}\FreeCADIcon.exe
+ 2011-05-13 18:04:20 . 2011-05-13 18:04:20 1093120 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-13 18:04:20 . 2011-05-13 18:04:20 1101824 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 4422992 C:\WINDOWS\system32\mfc100u.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 4397384 C:\WINDOWS\system32\mfc100.dll
+ 2012-07-19 09:51:40 . 2012-07-19 09:51:40 1269248 C:\WINDOWS\Installer\96eaf7f.msi
+ 2012-07-19 08:54:35 . 2012-07-19 08:54:35 16799744 C:\WINDOWS\Installer\93a37cb.msi

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 14:06:06 1840424]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 09:20:12 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 05:22:10 1368064]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 04:40:52 1202448]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 06:31:00 16857600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 05:32:00 89541]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 19:32:14 12669544]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 19:32:14 110184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 07:55:10 55824]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-11-21 09:33:20 180224]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 22:31:38 348624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"NoHotStart"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^majmo^Nabídka Start^Programy^Po spuštění^twhirl.lnk]
path=C:\Documents and Settings\majmo\Nabídka Start\Programy\Po spuštění\twhirl.lnk
backup=C:\WINDOWS\pss\twhirl.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07:56 843712 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41:07 37296 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-16 07:41:18 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53:14 404568 ----a-w- C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37:20 32768 ----a-w- C:\WINDOWS\BisonCam\BisonHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34:06 172032 ----a-w- C:\WINDOWS\BisonCam\BsMnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46:44 462920 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39:52 570664 ----a-w- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27:14 17351304 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-03 09:30:44 1242448 ----a-w- C:\Games\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"D:\\WPMP150\\miranda32.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Games\\Steam\\Steam.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\opposing force\\hl.exe"=
"C:\\Games\\Steam\\steamapps\\common\\grand theft auto\\WINO\\Grand Theft Auto.exe"=
"C:\\Games\\Steam\\steamapps\\common\\grand theft auto 3\\gta3.exe"=
"C:\\Games\\Steam\\steamapps\\common\\grand theft auto 2\\gta2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Garage\\Mouse without Borders\\MouseWithoutBorders.exe"=
"C:\\Games\\Steam\\steamapps\\common\\magic the gathering tactics\\LaunchPad.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\counter-strike\\hl.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\source sdk base 2007\\hl2.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\half-life\\hl.exe"=
"C:\\Games\\Steam\\steamapps\\common\\realm of the mad god\\Realm of the Mad God.exe"=
"C:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47624:TCP"= 47624:TCP:gta port
"47624:UDP"= 47624:UDP:gta port 2

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [20.9.2009 11:18:27 722416]
R1 avkmgr;avkmgr;C:\WINDOWS\system32\drivers\avkmgr.sys [16.7.2012 17:12:43 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [8.2.2011 17:06:30 218688]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [4.10.2009 11:07:28 270888]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [21.6.2008 04:54:54 66600]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\drivers\VBoxDrv.sys [23.11.2009 18:52:06 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\drivers\VBoxUSBMon.sys [23.11.2009 18:48:57 91440]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [16.7.2012 17:12:44 86224]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [15.6.2011 16:53:02 233472]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [25.6.2010 11:36:46 10384]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [14.7.2012 17:26:29 655944]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [16.11.2010 19:57:01 40960]
R2 NTPCI;NTPCI;C:\WINDOWS\system32\drivers\ntpci.sys [20.9.2009 10:42:03 5632]
R2 PanService;PandoraService;C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [8.6.2012 09:52:38 578264]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 07:24:28 95528]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 07:24:28 1365288]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15.6.2011 16:53:02 36608]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [14.7.2012 17:26:28 22344]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [16.11.2010 19:57:01 9088]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [20.9.2009 10:42:03 51160]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [20.9.2009 10:42:04 43736]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\drivers\SbFwIm.sys [4.10.2009 11:07:28 65576]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\WINDOWS\system32\drivers\VBoxNetAdp.sys [23.11.2009 18:51:09 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\WINDOWS\system32\drivers\VBoxNetFlt.sys [19.12.2011 15:11:58 116016]
S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [19.9.2011 16:56:20 17920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.6.2012 23:43:08 250056]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\drivers\Amps2prt.sys [10.2.2007 02:04:50 14336]
S3 Andbus;LGE Android Platform Composite USB Device;C:\WINDOWS\system32\drivers\lgandbus.sys [11.7.2012 12:13:49 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\WINDOWS\system32\drivers\lganddiag.sys [11.7.2012 12:13:49 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\WINDOWS\system32\drivers\lgandgps.sys [11.7.2012 12:13:49 20096]
S3 ANDModem;LGE Android Platform USB Modem;C:\WINDOWS\system32\drivers\lgandmodem.sys [11.7.2012 12:13:49 25088]
S3 androidusb;ADB Interface Driver;C:\WINDOWS\system32\drivers\lgandadb.sys [11.7.2012 12:13:49 25728]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\drivers\ggflt.sys [9.1.2010 11:02:14 13352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [3.5.2012 15:49:54 113120]

Obsah adresáře 'Naplánované úlohy'

2012-07-20 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 21:43:08 . 2012-07-12 07:25:24]

------- Doplňkový sken -------

IE: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: DhcpNameServer = 10.3.1.1 192.168.0.1
FF - ProfilePath - C:\Documents and Settings\majmo\Data aplikací\Mozilla\Firefox\Profiles\w5k2or00.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_ ... e=1&cc=&q=
FF - user.js: extensions.softonic_i.id - f450c33a000000000000002185db789a
FF - user.js: extensions.softonic_i.instlDay - 15363
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.516:12:07
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
FF - user.js: extensions.softonic_i.instlRef - MON00005
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false

**************************************************************************

bluu · Příspěvekod **bluu** » 20 črc 2012 13:33

Tady je HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:32:23, on 20.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
C:\Program Files\Microsoft Garage\Mouse without Borders\DDHelper.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\majmo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11107 bytes

Příspěvekod **jaro3** » 21 črc 2012 11:01

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

DDS::
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\system32\samsrv.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

bluu · Příspěvekod **bluu** » 23 črc 2012 11:01

ComboFix 12-07-21.01 - majmo 23.07.2012 10:37:02.14.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2662 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\majmo\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\majmo\Plocha\CFScript.txt
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))

-- Předchozí spuštění --

Nakažená kopie C:\WINDOWS\system32\samsrv.dll byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{1B55DE49-3831-42ED-8A0B-4F3CACDBE394}\RP6\A0003641.dll

--------

Nakažená kopie C:\WINDOWS\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\WINDOWS\ERDNT\cache\services.exe

((((((((((((((((((((((((( Soubory vytvořené od 2012-06-23 do 2012-07-23 )))))))))))))))))))))))))))))))

2012-07-20 15:27:34 . 2012-07-22 17:14:22 -------- d-----w- C:\100_PANA
2012-07-19 09:52:19 . 2012-07-19 09:54:23 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\FreeCAD
2012-07-19 09:51:31 . 2012-07-19 09:51:31 -------- d-----w- C:\Program Files\FreeCAD0.12
2012-07-19 08:54:18 . 2012-07-19 08:54:18 -------- d-----w- C:\Program Files\Google
2012-07-18 10:59:30 . 2012-07-18 10:59:31 -------- d-----w- C:\Program Files\DVD Shrink
2012-07-18 10:51:15 . 2012-07-18 11:14:09 -------- d-----w- C:\Program Files\Chopper XP
2012-07-14 15:43:05 . 2012-07-14 15:43:11 -------- d-----w- C:\Program Files\CrystalDiskInfo
2012-07-14 15:36:06 . 2012-07-14 15:39:36 -------- d-----w- C:\Program Files\WhoCrashed
2012-07-14 15:26:28 . 2012-07-14 15:26:31 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-14 15:26:28 . 2012-07-03 11:46:44 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-07-14 11:52:55 . 2012-07-14 11:52:55 388096 ----a-r- C:\Documents and Settings\majmo\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-14 11:52:55 . 2012-07-14 11:52:55 -------- d-----w- C:\Program Files\Trend Micro
2012-07-12 10:17:04 . 2012-07-22 14:32:31 967 ----a-w- C:\WINDOWS\ScUnin.pif
2012-07-12 10:17:04 . 2012-07-22 14:32:31 70656 ----a-w- C:\WINDOWS\ScUnin.exe
2012-07-11 10:13:49 . 2012-07-11 10:13:49 -------- d-----w- C:\Program Files\LG Electronics
2012-07-11 10:13:49 . 2012-03-02 14:02:00 25728 ----a-w- C:\WINDOWS\system32\drivers\lgandadb.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 25088 ----a-w- C:\WINDOWS\system32\drivers\lgandmodem.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 20736 ----a-w- C:\WINDOWS\system32\drivers\lganddiag.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 20096 ----a-w- C:\WINDOWS\system32\drivers\lgandgps.sys
2012-07-11 10:13:49 . 2012-03-02 14:02:00 14336 ----a-w- C:\WINDOWS\system32\drivers\lgandbus.sys
2012-06-30 21:43:08 . 2012-07-12 07:25:24 70344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-06-30 21:43:08 . 2012-07-12 07:25:24 426184 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-27 16:33:37 . 2012-06-27 16:33:37 -------- d-----w- C:\Documents and Settings\majmo\Data aplikací\.minecraft_xray
.

(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-12 07:25:21 . 2012-06-23 07:30:29 9822920 ----a-w- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-06-13 13:55:23 . 2008-04-14 12:00:00 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-06-05 15:49:58 . 2008-04-14 12:00:00 1372672 ----a-w- C:\WINDOWS\system32\msxml6.dll
2012-06-05 15:49:57 . 2008-04-14 12:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2012-06-04 04:32:38 . 2008-04-14 12:00:00 152576 ----a-w- C:\WINDOWS\system32\schannel.dll
2012-06-02 13:19:46 . 2008-10-16 12:07:46 15384 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 13:19:44 . 2008-10-16 12:08:56 22552 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 13:19:38 . 2009-09-19 19:23:59 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 13:19:38 . 2009-09-19 19:23:58 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 13:19:38 . 2009-09-19 19:23:58 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 13:19:34 . 2009-09-19 19:23:58 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 13:19:34 . 2009-09-19 19:23:58 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 13:19:34 . 2008-10-16 12:09:44 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 13:19:34 . 2008-10-16 12:07:48 15384 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 13:19:34 . 2008-10-16 12:07:14 18456 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 13:19:34 . 2008-04-14 12:00:00 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 13:19:24 . 2009-09-19 19:23:58 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 13:19:18 . 2009-09-19 19:23:58 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-05-31 13:22:06 . 2008-04-14 12:00:00 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2012-05-16 07:59:11 . 2008-04-14 12:00:00 668160 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-05-05 03:14:53 . 2008-04-14 12:00:00 2150400 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2012-05-05 03:14:53 . 2008-04-14 06:06:44 2028544 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-05-02 13:46:39 . 2009-09-19 19:21:55 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-06-18 04:46:08 . 2011-03-24 21:12:21 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-09-16 17:38:14 . AE54240559D3E4F5D6D1AA661FA71247 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((( SnapShot@2012-07-16_14.41.01 )))))))))))))))))))))))))))))))))))))))))

+ 2011-05-13 23:06:18 . 2011-05-13 23:06:18 57856 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-13 23:23:14 . 2011-05-13 23:23:14 69632 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 16:37:56 . 2011-05-13 16:37:56 97280 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2012-07-23 08:49:02 . 2012-07-23 08:49:02 16384 C:\WINDOWS\temp\Perflib_Perfdata_608.dat
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 51024 C:\WINDOWS\system32\vcomp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 81744 C:\WINDOWS\system32\mfcm100u.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 81744 C:\WINDOWS\system32\mfcm100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 60752 C:\WINDOWS\system32\mfc100rus.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 43344 C:\WINDOWS\system32\mfc100kor.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 43856 C:\WINDOWS\system32\mfc100jpn.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 62288 C:\WINDOWS\system32\mfc100ita.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 36176 C:\WINDOWS\system32\mfc100cht.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 36176 C:\WINDOWS\system32\mfc100chs.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 64336 C:\WINDOWS\system32\mfc100fra.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 63824 C:\WINDOWS\system32\mfc100esn.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 55120 C:\WINDOWS\system32\mfc100enu.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 64336 C:\WINDOWS\system32\mfc100deu.dll
+ 2012-07-12 10:17:06 . 2012-07-22 14:32:32 29257 C:\WINDOWS\scunin.dat
+ 2012-07-19 09:51:40 . 2012-07-19 09:51:40 18944 C:\WINDOWS\Installer\{81ABC4A0-DE63-11DE-8A39-0800200C9A66}\FreeCADCMDIcon.exe
+ 2009-07-11 22:02:02 . 2009-07-11 22:02:02 653120 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02:00 . 2009-07-11 22:02:00 569664 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05:16 . 2009-07-11 22:05:16 225280 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-05-13 23:17:40 . 2011-05-13 23:17:40 632656 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-13 23:12:34 . 2011-05-13 23:12:34 554832 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-13 23:11:32 . 2011-05-13 23:11:32 479232 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2011-02-18 22:40:50 . 2011-02-18 22:40:50 773968 C:\WINDOWS\system32\msvcr100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 421200 C:\WINDOWS\system32\msvcp100.dll
- 2010-03-18 07:15:26 . 2010-03-18 07:15:26 421200 C:\WINDOWS\system32\msvcp100.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 138056 C:\WINDOWS\system32\atl100.dll
+ 2012-07-16 15:11:25 . 2012-07-16 15:11:25 160768 C:\WINDOWS\Installer\19b45b.msi
+ 2012-07-19 09:51:40 . 2012-07-19 09:51:40 125952 C:\WINDOWS\Installer\{81ABC4A0-DE63-11DE-8A39-0800200C9A66}\FreeCADIcon.exe
+ 2011-05-13 18:04:20 . 2011-05-13 18:04:20 1093120 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-13 18:04:20 . 2011-05-13 18:04:20 1101824 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 4422992 C:\WINDOWS\system32\mfc100u.dll
+ 2011-02-19 21:03:12 . 2011-02-19 21:03:12 4397384 C:\WINDOWS\system32\mfc100.dll
+ 2012-07-19 09:51:40 . 2012-07-19 09:51:40 1269248 C:\WINDOWS\Installer\96eaf7f.msi
+ 2012-07-19 08:54:35 . 2012-07-19 08:54:35 16799744 C:\WINDOWS\Installer\93a37cb.msi

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))

*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 14:06:06 1840424]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 09:20:12 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 05:22:10 1368064]
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-27 04:40:52 1202448]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 06:31:00 16857600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 05:32:00 89541]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-11-20 19:32:14 12669544]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-11-20 19:32:14 110184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 07:55:10 55824]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-11-21 09:33:20 180224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2007-11-1 421888]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"NoHotStart"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^majmo^Nabídka Start^Programy^Po spuštění^twhirl.lnk]
path=C:\Documents and Settings\majmo\Nabídka Start\Programy\Po spuštění\twhirl.lnk
backup=C:\WINDOWS\pss\twhirl.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07:56 843712 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41:07 37296 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-04-16 07:41:18 102400 ----a-w- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53:14 404568 ----a-w- C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37:20 32768 ----a-w- C:\WINDOWS\BisonCam\BisonHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34:06 172032 ----a-w- C:\WINDOWS\BisonCam\BsMnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46:44 462920 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39:52 570664 ----a-w- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27:14 17351304 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-03 09:30:44 1242448 ----a-w- C:\Games\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"D:\\WPMP150\\miranda32.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Games\\Steam\\Steam.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\opposing force\\hl.exe"=
"C:\\Games\\Steam\\steamapps\\common\\grand theft auto\\WINO\\Grand Theft Auto.exe"=
"C:\\Games\\Steam\\steamapps\\common\\grand theft auto 3\\gta3.exe"=
"C:\\Games\\Steam\\steamapps\\common\\grand theft auto 2\\gta2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Garage\\Mouse without Borders\\MouseWithoutBorders.exe"=
"C:\\Games\\Steam\\steamapps\\common\\magic the gathering tactics\\LaunchPad.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\counter-strike\\hl.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\source sdk base 2007\\hl2.exe"=
"C:\\Games\\Steam\\steamapps\\_majmo\\half-life\\hl.exe"=
"C:\\Games\\Steam\\steamapps\\common\\realm of the mad god\\Realm of the Mad God.exe"=
"C:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47624:TCP"= 47624:TCP:gta port
"47624:UDP"= 47624:UDP:gta port 2

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [20.9.2009 11:18:27 722416]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [8.2.2011 17:06:30 218688]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [4.10.2009 11:07:28 270888]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [21.6.2008 04:54:54 66600]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\drivers\VBoxDrv.sys [23.11.2009 18:52:06 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\drivers\VBoxUSBMon.sys [23.11.2009 18:48:57 91440]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [15.6.2011 16:53:02 233472]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [25.6.2010 11:36:46 10384]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [14.7.2012 17:26:29 655944]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [16.11.2010 19:57:01 40960]
R2 NTPCI;NTPCI;C:\WINDOWS\system32\drivers\ntpci.sys [20.9.2009 10:42:03 5632]
R2 PanService;PandoraService;C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [8.6.2012 09:52:38 578264]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 07:24:28 95528]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 07:24:28 1365288]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15.6.2011 16:53:02 36608]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [14.7.2012 17:26:28 22344]
R3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\system32\drivers\MGHwCtrl.sys [16.11.2010 19:57:01 9088]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [20.9.2009 10:42:03 51160]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [20.9.2009 10:42:04 43736]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\drivers\SbFwIm.sys [4.10.2009 11:07:28 65576]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\WINDOWS\system32\drivers\VBoxNetAdp.sys [23.11.2009 18:51:09 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\WINDOWS\system32\drivers\VBoxNetFlt.sys [19.12.2011 15:11:58 116016]
S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [19.9.2011 16:56:20 17920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.6.2012 23:43:08 250056]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\drivers\Amps2prt.sys [10.2.2007 02:04:50 14336]
S3 Andbus;LGE Android Platform Composite USB Device;C:\WINDOWS\system32\drivers\lgandbus.sys [11.7.2012 12:13:49 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\WINDOWS\system32\drivers\lganddiag.sys [11.7.2012 12:13:49 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\WINDOWS\system32\drivers\lgandgps.sys [11.7.2012 12:13:49 20096]
S3 ANDModem;LGE Android Platform USB Modem;C:\WINDOWS\system32\drivers\lgandmodem.sys [11.7.2012 12:13:49 25088]
S3 androidusb;ADB Interface Driver;C:\WINDOWS\system32\drivers\lgandadb.sys [11.7.2012 12:13:49 25728]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\drivers\ggflt.sys [9.1.2010 11:02:14 13352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [3.5.2012 15:49:54 113120]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK

Obsah adresáře 'Naplánované úlohy'

2012-07-23 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 21:43:08 . 2012-07-12 07:25:24]

------- Doplňkový sken -------

IE: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: DhcpNameServer = 10.3.1.1 192.168.0.1
FF - ProfilePath - C:\Documents and Settings\majmo\Data aplikací\Mozilla\Firefox\Profiles\w5k2or00.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00005/tb_ ... e=1&cc=&q=
FF - user.js: extensions.softonic_i.id - f450c33a000000000000002185db789a
FF - user.js: extensions.softonic_i.instlDay - 15363
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.516:12:07
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en11DECdefault
FF - user.js: extensions.softonic_i.instlRef - MON00005
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false

Virus total nic nenašel.

Příspěvekod **jaro3** » 23 črc 2012 11:09

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\system32\Services.exe
C:\WINDOWS\system32\samsrv.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Prosim o kontrolu logu, na notesu obcas zcela nahodne BSOD Vyřešeno

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Re: Prosim o kontrolu logu, na notesu obcas zcela nahodne BS

Kdo je online