HijackExe vír

[Brunot]

Zdravím, dnes som sa dostal k problému s vírusom. Len tak som hľadal niečo týkajúce sa akordov k gitare a naraz sa spustil update Adobe Readeru. Samozrejme mi to prišlo zvláštne, tak som ho samozrejme zakázal spustiť. Potom som rýchlo skontrolovat či sa neobjavilo niečo podozrelé v Task manageri. Nič zvláštneho som nevidel, ale potom som zistil, že antivirus bol deaktivovaný(Avira). Potom naraz nešiel spustiť žiaden .exe súbor(tabuľka "aký program chcete použiť k spusteniu") a defaultny prehliadavač bol nastavený na internet explorer. Rýchlo som reštartoval PC a išiel do Safe modu, a odtamdiaľ stiahol Kasperky Virus RT a MBAM. Po skene MBAMom boli nájdené tri súbory, po ktorých sa vyriešil problém s EXE spustanim a inym podozrivym chovanim.
Log z MBAM:
19. 8. 2011 18:46:31
mbam-log-2011-08-19 (18-46-31).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 204696
Uplynutý čas: 2 min, 56 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 2
Infikované položky registračných dát: 1
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1538500272 (Trojan.FakeAlert) -> Value: 1538500272 -> Quarantined and deleted successfully.

Infikované položky registračných dát:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Bruni\AppData\Local\pua.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)


Vymazal som dočasné dáta a cookies z prehliadača pomocou CC cleaner. Potom som spustil PC normálne, a som teda tu. Ale aj tak mám zvláštny pocit. Moje využitie pamäte je vyššie ako zvyčajne, ale môže to byť spôsobené mnohými skenmi a bežiacim AV a MBAM, alebo som len paranoidný, ale aj tak som sa rozhodol napísať, hlavne po tom čo som našiel súbor TkBellExe, kde po kontroli s googlom som zistil že môže byť pridružený k W.32Lovegate.
Naviac nezdá sa mi ani nový kolónka "start" po kliknutí pravým tlačítkom na ikony. Nemyslím, že tam predtým bola, ale ani neviem k čomu patrí.
http://img710.imageshack.us/img710/4010 ... acitko.jpg

Takisto som si všimol zvýšený odber pamäte pri svchvost.exe a SearchIndexer.exe ale po konzultácií s Googlom väčšina zdrojov tvrdila, že je to bežné. Nakoniec ešte pridávam log z RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by Bruni at 2011-08-19 21:11:26
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 56 GB (12%) free of 477 GB
Total RAM: 4094 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:29, on 19. 8. 2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Bruni\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Bruni.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Bruni\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4013114538-4148600242-2805313386-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: _uninst_.lnk = C:\Users\Bruni\AppData\Local\Temp\_uninst_.bat
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Bruni\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Bruni\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bruni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10406 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files (x86)\Reader\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-08-18 414416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Bruni\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2009-12-22 157232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2008-01-18 14593024]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv -o []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]

C:\Users\Bruni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
_uninst_.lnk - C:\Users\Bruni\AppData\Local\Temp\_uninst_.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-08-19 19:07:48 ----ASH---- C:\hiberfil.sys
2011-08-19 19:03:27 ----A---- C:\Windows\ntbtlog.txt
2011-08-19 19:03:22 ----D---- C:\ProgramData\Kaspersky Lab
2011-08-19 18:23:32 ----D---- C:\Windows\Minidump
2011-08-18 16:33:06 ----D---- C:\Program Files (x86)\Codemasters
2011-08-18 16:20:52 ----D---- C:\Program Files (x86)\7-Zip
2011-08-18 15:18:10 ----D---- C:\OFP
2011-08-18 00:37:16 ----D---- C:\Program Files (x86)\Common Files\xing shared
2011-08-18 00:37:04 ----A---- C:\Windows\SysWOW64\rmoc3260.dll
2011-08-18 00:36:56 ----A---- C:\Windows\SysWOW64\pndx5032.dll
2011-08-18 00:36:56 ----A---- C:\Windows\SysWOW64\pndx5016.dll
2011-08-18 00:36:55 ----A---- C:\Windows\SysWOW64\pncrt.dll
2011-08-18 00:36:41 ----D---- C:\Program Files (x86)\Real
2011-08-18 00:36:40 ----D---- C:\ProgramData\Real
2011-08-18 00:36:38 ----D---- C:\Users\Bruni\AppData\Roaming\Real
2011-08-15 23:51:30 ----D---- C:\FHII
2011-08-11 22:42:52 ----D---- C:\Program Files (x86)\Cyklotrasy SK
2011-08-09 18:49:43 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2011-08-07 18:06:30 ----A---- C:\Windows\SysWOW64\OpenCL.dll
2011-08-07 18:06:30 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll
2011-08-07 18:06:30 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2011-08-07 18:06:29 ----A---- C:\Windows\SysWOW64\nvd3dum.dll
2011-08-07 18:06:29 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2011-08-07 18:06:29 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2011-08-07 18:06:29 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2011-08-07 18:06:29 ----A---- C:\Windows\SysWOW64\nvcompiler.dll
2011-08-07 18:06:29 ----A---- C:\Windows\SysWOW64\nvapi.dll
2011-08-07 16:59:13 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2011-08-07 15:55:22 ----D---- C:\Users\Bruni\AppData\Roaming\ZipGenius
2011-08-04 13:13:58 ----D---- C:\Program Files (x86)\Firaxis Games
2011-07-31 23:28:31 ----D---- C:\Program Files (x86)\Black Isle
2011-07-31 01:17:30 ----AH---- C:\U_AVA_Setup.exe_neobit.fsi
2011-07-28 16:47:01 ----D---- C:\GUN
2011-07-28 16:21:40 ----D---- C:\BGII
2011-07-25 20:41:01 ----D---- C:\Users\Bruni\AppData\Roaming\Mount&Blade Warband
2011-07-25 20:04:06 ----D---- C:\Program Files (x86)\Common Files\Desura
2011-07-25 20:02:22 ----D---- C:\ProgramData\Desura
2011-07-25 20:02:20 ----D---- C:\Program Files (x86)\Desura
2011-07-25 18:24:39 ----D---- C:\Users\Bruni\AppData\Roaming\RigNRoll_usa_ws
2011-07-25 18:23:18 ----RA---- C:\Windows\SysWOW64\tmpBAD8.tmp
2011-07-25 18:23:18 ----A---- C:\Windows\SysWOW64\wrap_oal.dll
2011-07-25 18:23:18 ----A---- C:\Windows\SysWOW64\OpenAL32.dll
2011-07-25 00:02:26 ----D---- C:\Program Files (x86)\Bonjour
2011-07-25 00:01:05 ----D---- C:\Program Files (x86)\Apple Software Update

======List of files/folders modified in the last 1 months======

2011-08-19 21:11:28 ----D---- C:\Program Files (x86)\trend micro
2011-08-19 21:09:27 ----D---- C:\Windows\Temp
2011-08-19 19:13:22 ----SHD---- C:\System Volume Information
2011-08-19 19:12:03 ----D---- C:\Windows
2011-08-19 19:08:08 ----AD---- C:\ProgramData\TEMP
2011-08-19 19:07:56 ----D---- C:\ProgramData\NVIDIA
2011-08-19 19:03:22 ----HD---- C:\ProgramData
2011-08-19 18:51:55 ----D---- C:\Windows\Debug
2011-08-19 18:41:18 ----D---- C:\Windows\SysWOW64\drivers
2011-08-19 18:41:18 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-19 18:27:36 ----D---- C:\Program Files (x86)
2011-08-19 16:53:56 ----D---- C:\Users\Bruni\AppData\Roaming\uTorrent
2011-08-19 16:53:19 ----D---- C:\Program Files (x86)\Steam
2011-08-18 16:32:20 ----RD---- C:\Program Files
2011-08-18 15:35:52 ----D---- C:\Users\Bruni\AppData\Roaming\BITS
2011-08-18 15:34:09 ----D---- C:\Downloads
2011-08-18 03:17:29 ----D---- C:\Users\Bruni\AppData\Roaming\Xfire
2011-08-18 00:37:21 ----SHD---- C:\Windows\Installer
2011-08-18 00:37:16 ----D---- C:\Program Files (x86)\Common Files
2011-08-18 00:37:04 ----D---- C:\Windows\SysWOW64
2011-08-18 00:36:49 ----A---- C:\Windows\SysWOW64\msvcp71.dll
2011-08-17 23:27:50 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2011-08-16 00:25:54 ----D---- C:\Battlefield2
2011-08-14 19:58:52 ----D---- C:\ProgramData\Xfire
2011-08-12 10:36:55 ----D---- C:\Windows\winsxs
2011-08-10 22:30:37 ----D---- C:\Dragon Age
2011-08-08 00:17:06 ----D---- C:\Windows\System32
2011-08-08 00:11:20 ----SD---- C:\ProgramData\Microsoft
2011-08-07 18:15:55 ----D---- C:\ProgramData\BioWare
2011-08-07 18:13:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-07 18:12:35 ----D---- C:\Windows\inf
2011-08-07 18:11:08 ----RD---- C:\Users
2011-08-07 18:11:01 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-08-07 18:04:54 ----D---- C:\Hearts of Iron
2011-08-07 16:59:06 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-08-07 16:59:03 ----D---- C:\ProgramData\Media Center Programs
2011-08-07 16:58:49 ----D---- C:\Program Files (x86)\Common Files\BioWare
2011-08-07 16:41:29 ----D---- C:\Games
2011-08-07 03:44:18 ----D---- C:\Users\Bruni\AppData\Roaming\Skype
2011-08-04 11:59:43 ----D---- C:\Program Files (x86)\Common Files\Steam
2011-08-02 13:47:06 ----RD---- C:\Program Files (x86)\Skype
2011-08-02 13:47:03 ----D---- C:\ProgramData\Skype
2011-08-02 00:00:51 ----D---- C:\Users\Bruni\AppData\Roaming\skypePM
2011-08-01 20:00:51 ----D---- C:\ProgramData\Skype Extras
2011-08-01 12:17:24 ----D---- C:\PR
2011-07-31 20:45:04 ----D---- C:\Users\Bruni\AppData\Roaming\Mumble(PR Edition)
2011-07-31 17:22:31 ----D---- C:\GTA IV
2011-07-31 02:01:39 ----A---- C:\U_AVA_Setup.exe.part
2011-07-31 01:23:59 ----AH---- C:\U_AVA_Setup.exe.bfi
2011-07-30 23:56:39 ----D---- C:\Program Files (x86)\REACTOR
2011-07-27 12:49:07 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe
2011-07-27 12:49:07 ----A---- C:\Windows\SysWOW64\pbsvc.exe
2011-07-25 18:22:51 ----RSD---- C:\Windows\assembly
2011-07-25 00:11:35 ----D---- C:\Program Files (x86)\Safari
2011-07-25 00:09:23 ----D---- C:\Program Files (x86)\iTunes
2011-07-25 00:08:30 ----D---- C:\Program Files (x86)\Common Files\Apple
2011-07-25 00:08:29 ----D---- C:\ProgramData\Apple Computer
2011-07-24 12:08:19 ----D---- C:\Windows\Microsoft.NET
2011-07-22 14:05:32 ----D---- C:\Program Files (x86)\Ask.com
2011-07-22 12:18:26 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\Bruni\AppData\Local\Temp\ALSysIO64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-02 4682]
S3 PAC207;Trust WB-1400T Webcam; C:\Windows\system32\DRIVERS\PFC027.SYS []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-07-03 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-07-27 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 Desura Install Service;Desura Install Service; C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2011-07-25 131400]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 934760]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-03-08 3986936]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Rudy]

Ještě odinstalujte AskToolbar. Pak se ozvěte, zda ještě problém trvá.

[Brunot]

Toolbar som vymazal, mam v nich trochu neporiadok, keďže IE absolútne nepoužívam. Využite RAM je späť v normále, nevidím nič podozrivé, myslím že to je v poriadku. Ďakujem za uistenie.

[Rudy]

Nemáte zač!