
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Requesting a log check AGAIN :(
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 10
- Registered: 10 Aug 2005 16:49
- Location: Banska Bystrica
Requesting a log check AGAIN :(
After startup, once Windows has loaded, it freezes a bit for 10-20 s and only then starts responding. The same applies to Windows Explorer and also to the Opera browser. Thanks for the help.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Lubino at 2010-06-20 22:10:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 51 GB (53%) free of 96 GB
Total RAM: 3032 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:10:52, on 20. 6. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\OEM\OSD_1.16\osd.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\Program Files\OO Software\Defrag\oodtray.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
D:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Windows\explorer.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Users\Lubino\Desktop\RSIT.exe
C:\Program Files\trend micro\Lubino.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Lubino\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {43F31A50-EBB0-4926-A058-9F89EDC21C41} - C:\PROGRA~1\TNS Audit meter\iaudit_t.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Lubino\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [OSD] C:\Program Files\OEM\OSD_1.16\osd.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [OODefragTray] D:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\Windows\MENINY.EXE
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Informácie o aplikácii TNS Audit - meter - {912B1533-A668-41B3-92E6-627B150EDB90} - http://monitor.idot.sk/info (file missing)
O9 - Extra 'Tools' menuitem: Plugin TNS Audit - meter - {912B1533-A668-41B3-92E6-627B150EDB90} - http://monitor.idot.sk/info (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.co ... 1.64.0.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.66.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: OSD Service (OsdService) - TODO: <????> - C:\Program Files\OEM\OSD_1.16\OsdService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu Siemens Computers\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9878 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43F31A50-EBB0-4926-A058-9F89EDC21C41}]
C:\PROGRA~1\TNS Audit meter\iaudit_t.dll [2008-04-28 641536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Lubino\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-24 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - D:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OSD"=C:\Program Files\OEM\OSD_1.16\osd.exe [2008-06-18 376832]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-24 282792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"OODefragTray"=D:\Program Files\OO Software\Defrag\oodtray.exe [2009-09-12 2524416]
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-26 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-26 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-26 169496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe [2008-06-18 268096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
C:\Users\Lubino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kalendár.lnk - C:\Windows\MENINY.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-21 227328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8df5d5d9-cdcf-11de-bfb9-b046b6f72a31}]
shell\AutoRun\command - I:\laucher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d6ea765-236c-11de-90ad-0011679c93e6}]
shell\AutoRun\command - G:\AUTORUN.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-06-20 22:10:28 ----D---- C:\rsit
2010-06-20 22:10:28 ----D---- C:\Program Files\trend micro
2010-06-18 18:24:10 ----AD---- C:\.Trash-1000
2010-06-14 00:12:54 ----D---- C:\Program Files\PC Connectivity Solution
2010-06-14 00:12:37 ----SHD---- C:\Config.Msi
2010-06-10 10:23:54 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-10 10:06:47 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-10 10:06:46 ----A---- C:\Windows\system32\mshtml.dll
2010-06-10 10:06:45 ----A---- C:\Windows\system32\ieframe.dll
2010-06-10 10:06:44 ----A---- C:\Windows\system32\wininet.dll
2010-06-10 10:06:44 ----A---- C:\Windows\system32\urlmon.dll
2010-06-10 10:06:44 ----A---- C:\Windows\system32\iertutil.dll
2010-06-10 10:06:43 ----A---- C:\Windows\system32\occache.dll
2010-06-10 10:06:43 ----A---- C:\Windows\system32\mstime.dll
2010-06-10 10:06:43 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-10 10:06:43 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-10 10:06:42 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-10 10:06:42 ----A---- C:\Windows\system32\ieui.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\iesetup.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\iernonce.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\iepeers.dll
2010-06-10 10:06:42 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-10 10:06:39 ----A---- C:\Windows\system32\atmlib.dll
2010-06-10 10:06:39 ----A---- C:\Windows\system32\atmfd.dll
2010-05-29 12:02:58 ----A---- C:\Windows\system32\TVWSetup.exe
2010-05-29 12:02:58 ----A---- C:\Windows\system32\igfxtray.exe
2010-05-29 12:02:58 ----A---- C:\Windows\system32\igfxCoIn_v2119.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\igfxress.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\igfxpph.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\igfxext.exe
2010-05-29 12:02:57 ----A---- C:\Windows\system32\igfxexps.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\igfxdo.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\igd10umd32.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\ig4icd32.dll
2010-05-29 12:02:57 ----A---- C:\Windows\system32\GfxUI.exe
2010-05-29 12:02:57 ----A---- C:\Windows\system32\gfxSrvc.dll
2010-05-28 17:00:19 ----A---- C:\Windows\avisplitter.ini
2010-05-28 17:00:18 ----A---- C:\Windows\system32\yv12vfw.dll
2010-05-28 17:00:18 ----A---- C:\Windows\system32\huffyuv.dll
2010-05-28 17:00:17 ----A---- C:\Windows\system32\xvidvfw.dll
2010-05-28 17:00:17 ----A---- C:\Windows\system32\xvidcore.dll
2010-05-28 17:00:17 ----A---- C:\Windows\system32\vp7vfw.dll
2010-05-28 17:00:17 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-05-28 17:00:17 ----A---- C:\Windows\system32\ff_vfw.dll
2010-05-25 20:17:00 ----A---- C:\Windows\system32\tzres.dll
2010-05-21 12:27:57 ----D---- C:\Users\Lubino\AppData\Roaming\Sun
======List of files/folders modified in the last 1 months======
2010-06-20 22:10:41 ----D---- C:\Windows\Prefetch
2010-06-20 22:10:28 ----RD---- C:\Program Files
2010-06-20 22:10:20 ----D---- C:\Windows\Temp
2010-06-20 20:30:27 ----D---- C:\Windows\System32
2010-06-20 20:30:27 ----D---- C:\Windows\inf
2010-06-20 20:30:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-20 20:09:40 ----D---- C:\Users\Lubino\AppData\Roaming\Skype
2010-06-20 19:00:41 ----D---- C:\Users\Lubino\AppData\Roaming\skypePM
2010-06-20 17:51:16 ----D---- C:\Users\Lubino\AppData\Roaming\Media Player Classic
2010-06-20 16:28:01 ----SD---- C:\Users\Lubino\AppData\Roaming\Microsoft
2010-06-20 00:46:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-06-18 15:19:00 ----SHD---- C:\System Volume Information
2010-06-18 13:30:15 ----D---- C:\Windows
2010-06-16 22:17:45 ----AD---- C:\ProgramData\TEMP
2010-06-16 21:01:32 ----D---- C:\Windows\system32\catroot2
2010-06-16 00:10:42 ----D---- C:\Windows\Debug
2010-06-14 11:40:38 ----D---- C:\Windows\system32\drivers
2010-06-14 01:48:20 ----D---- C:\Windows\system32\catroot
2010-06-14 00:13:17 ----D---- C:\ProgramData\Installations
2010-06-14 00:13:16 ----SHD---- C:\Windows\Installer
2010-06-14 00:13:15 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-14 00:09:50 ----D---- C:\Program Files\Nokia
2010-06-10 12:46:00 ----D---- C:\Windows\Microsoft.NET
2010-06-10 12:38:55 ----RSD---- C:\Windows\assembly
2010-06-10 11:50:35 ----D---- C:\Windows\winsxs
2010-06-10 11:37:06 ----D---- C:\Program Files\Windows Mail
2010-06-10 11:37:06 ----D---- C:\Program Files\Internet Explorer
2010-06-10 11:37:05 ----D---- C:\Windows\system32\migration
2010-06-10 10:26:06 ----D---- C:\ProgramData\Microsoft Help
2010-06-10 10:15:20 ----D---- C:\Windows\system32\wbem
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-25 20:30:43 ----D---- C:\Windows\rescache
2010-05-25 20:18:16 ----D---- C:\Windows\system32\sk-SK
2010-05-24 17:26:16 ----D---- C:\Windows\system32\RTCOM
2010-05-24 17:26:08 ----A---- C:\Windows\DIFxAPI.dll
2010-05-24 00:42:17 ----D---- C:\Windows\system32\Tasks
2010-05-22 20:42:01 ----D---- C:\Windows\system32\oodag
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [2010-02-18 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-24 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-02-18 28520]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-03-24 60936]
R2 PARLDR2K;ParLdr2k; \??\C:\Windows\system32\drivers\parldr2k.sys [2010-02-22 10454]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\D:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-10-09 27760]
R3 GpdDevDPort;GpdDevDPort; \??\C:\Windows\system32\directport.sys [2008-06-17 7168]
R3 GpdKbFilter;GpdKbFilter; \??\C:\Windows\system32\kbfiltr.sys [2008-03-31 8192]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-21 8746496]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-22 262176]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 vsbus;Virtual Serial Bus Enumerator; C:\Windows\system32\DRIVERS\vsb.sys [2008-07-24 15264]
S1 M9207;Digital TV USB Mini Receiver; C:\Windows\system32\DRIVERS\M9207BDA.sys [2005-12-05 40576]
S3 a0vfjcpb;a0vfjcpb; C:\Windows\system32\drivers\a0vfjcpb.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 dsnpfdMP;dsnpfdMP; C:\Windows\system32\DRIVERS\dsnpfd.sys []
S3 GearAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\drivers\GEARAspiWDM.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys []
S3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys []
S3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-05-25 47360]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-10 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirMailService;Avira AntiVir MailGuard; D:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-03-24 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; D:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O&O Defrag;O&O Defrag; D:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
R2 OsdService;OSD Service; C:\Program Files\OEM\OSD_1.16\OsdService.exe [2008-02-22 94208]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TestHandler;Fujitsu Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\OnlineDiagnostic\TestManager\TestHandler.exe [2009-02-19 341264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe [2010-01-28 35160]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 TuneUp.Defrag;@D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-05-14 435016]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240]
-----------------EOF-----------------
Last edited by MotorolaE680i on 21 Jun 2010 09:26, edited 1 time in total.
- Rudy
- Site Admin
- Posts: 119359
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch, a screen with the license terms appears; continue by clicking the Yes (Ano) button.
go and make yourself a coffee in the meantime (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts occur with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 10
- Joined: 10 Aug 2005 16:49
- Location: Banska Bystrica
Re: Please check my log
ComboFix 10-06-20.03 - Lubino . 06. 2010 23:29:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3032.2120 [GMT 2:00]
Running from: c:\users\Lubino\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Lubino\AppData\Roaming\ezpinst.log
c:\users\Lubino\AppData\Roaming\inst.exe
c:\users\Lubino\AppData\Roaming\Microsoft\Internet Explorer\qiPSearchbar.dll
c:\windows\system32\%appdata%
.
((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.
2010-06-20 21:36 . 2010-06-20 21:38 -------- d-----w- c:\users\Lubino\AppData\Local\temp
2010-06-20 21:36 . 2010-06-20 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-20 21:23 . 2010-06-20 21:24 -------- d-----w- C:\32788R22FWJFW
2010-06-20 20:10 . 2010-06-20 20:10 -------- d-----w- C:\rsit
2010-06-20 20:10 . 2010-06-20 20:10 -------- d-----w- c:\program files\trend micro
2010-06-18 16:24 . 2010-06-18 16:39 -------- d---a-w- C:\.Trash-1000
2010-06-13 22:13 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-13 22:12 . 2010-06-13 22:12 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-10 08:23 . 2010-06-10 08:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 10:02 . 2010-04-26 08:30 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-05-28 15:00 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-05-28 15:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-05-28 15:00 . 2010-05-27 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-28 15:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-28 15:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-28 15:00 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-05-25 18:17 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 18:09 . 2009-03-02 23:03 -------- d-----w- c:\users\Lubino\AppData\Roaming\Skype
2010-06-20 17:00 . 2009-03-02 23:04 -------- d-----w- c:\users\Lubino\AppData\Roaming\skypePM
2010-06-20 15:51 . 2009-03-02 23:37 -------- d-----w- c:\users\Lubino\AppData\Roaming\Media Player Classic
2010-06-19 22:46 . 2009-03-02 22:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-13 22:13 . 2009-03-15 16:15 -------- d-----w- c:\programdata\Installations
2010-06-13 22:09 . 2009-12-14 19:18 -------- d-----w- c:\program files\Nokia
2010-06-13 22:08 . 2010-06-13 22:08 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-13 22:08 . 2010-06-13 22:08 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-13 22:08 . 2010-06-13 22:08 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-06-13 22:07 . 2010-06-13 22:08 35790800 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2SK.exe
2010-06-10 09:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 08:26 . 2009-03-02 22:09 -------- d-----w- c:\programdata\Microsoft Help
2010-05-26 17:06 . 2010-06-10 08:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 08:06 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:26 . 2009-04-11 21:44 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-05-20 14:17 . 2009-03-08 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 14:04 . 2010-05-20 14:04 -------- d-----w- c:\program files\Realtek
2010-05-15 19:14 . 2010-05-15 19:14 -------- d-----w- c:\programdata\Apple Computer
2010-05-09 12:14 . 2010-05-09 12:14 -------- d-sh--w- c:\programdata\SecuROM
2010-05-07 16:06 . 2009-11-05 17:24 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-07 16:01 . 2010-04-24 10:17 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-05-07 16:01 . 2010-04-24 10:17 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-05-04 05:59 . 2010-06-10 08:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 08:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 08:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 08:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 08:06 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2009-03-03 08:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-03-03 08:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 08:30 . 2010-05-29 10:02 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-04-26 08:30 . 2008-07-18 11:57 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-04-26 08:30 . 2008-07-18 11:57 169496 ----a-w- c:\windows\system32\igfxpers.exe
2010-04-26 08:30 . 2010-05-29 10:02 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-04-26 08:30 . 2008-07-18 11:57 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-26 08:29 . 2010-05-29 10:02 3154968 ----a-w- c:\windows\system32\GfxUI.exe
2010-04-21 09:25 . 2010-05-29 10:02 81920 ----a-w- c:\windows\system32\igfxCoIn_v2119.dll
2010-04-21 09:10 . 2008-07-18 11:57 4960768 ----a-w- c:\windows\system32\igdumd32.dll
2010-04-21 09:10 . 2010-05-29 10:02 8746496 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2010-04-21 09:06 . 2008-07-18 11:57 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-04-21 09:00 . 2010-05-29 10:02 4348416 ----a-w- c:\windows\system32\igd10umd32.dll
2010-04-21 08:45 . 2010-05-29 10:02 11034624 ----a-w- c:\windows\system32\ig4icd32.dll
2010-04-21 08:33 . 2008-07-18 11:57 261120 ----a-w- c:\windows\system32\igfxTMM.dll
2010-04-21 08:33 . 2010-05-29 10:02 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-04-21 08:33 . 2010-05-29 10:02 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-04-21 08:33 . 2008-07-18 11:57 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-04-21 08:33 . 2010-05-29 10:02 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-04-21 08:32 . 2008-07-18 11:57 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-04-21 08:32 . 2010-05-29 10:02 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-04-21 08:32 . 2010-05-29 10:02 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-04-21 08:32 . 2008-07-18 11:57 227328 ----a-w- c:\windows\system32\igfxdev.dll
2010-04-21 08:32 . 2010-05-29 10:02 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-04-20 20:37 . 2009-03-02 20:22 108328 ----a-w- c:\users\Lubino\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-15 17:47 . 2010-04-15 17:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-10 08:06 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-03-31 13:53 . 2010-03-31 13:53 81920 ----a-w- c:\windows\system32\igfxCoIn_v2104.dll
2010-03-24 13:49 . 2010-02-18 16:42 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-24 13:49 . 2010-02-18 16:42 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSD"="c:\program files\OEM\OSD_1.16\osd.exe" [2008-06-18 376832]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"OODefragTray"="d:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2008-05-29 381200]
c:\users\Lubino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2009-3-2 53808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-06-18 13:25 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3b,25,45,33,71,fa,c9,01
R1 M9207;Digital TV USB Mini Receiver;c:\windows\system32\DRIVERS\M9207BDA.sys [2005-12-05 40576]
R2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384]
R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-10-09 27760]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-01 691696]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirMailService;Avira AntiVir MailGuard;d:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2010-03-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;d:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 OsdService;OSD Service;c:\program files\OEM\OSD_1.16\OsdService.exe [2008-02-22 94208]
S2 PARLDR2K;PARLDR2K;c:\windows\system32\drivers\parldr2k.sys [2010-02-21 10454]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-06-17 7168]
S3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-03-31 8192]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Stiahnuť položku pomocou FlashGetu - d:\program files\FlashGet\jc_link.htm
IE: &Stiahnuť všetky položky pomocou FlashGetu - d:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - d:\microsoft office\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\microsoft office\Office14\ONBttnIE.dll/105
IE: {{912B1533-A668-41B3-92E6-627B150EDB90} - http://monitor.idot.sk/info
LSP: d:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.64.0.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 23:37
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
d:\program files\Avira\AntiVir Desktop\checkt.exe [544] 0x855004C8
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spjn.sys hal.dll >>UNKNOWN [0x85AA0938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8afa2d24
\Driver\ACPI -> acpi.sys @ 0x82baad68
\Driver\atapi -> 0x85ae91f8
\Driver\iaStor -> iaStor.sys @ 0x8aa6f420
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-929762543-4250373260-2199267586-1000\Software\SecuROM\License information*]
"datasecu"=hex:45,d2,77,16,02,15,81,9a,42,9d,6d,a7,25,5d,92,90,2c,c7,56,31,18,
01,39,8b,8c,4f,7e,7c,38,5e,bc,ee,b4,7c,3a,4f,dc,46,69,a0,54,d0,cd,cb,7a,ae,\
"rkeysecu"=hex:71,e6,66,7c,e9,45,33,95,5e,e2,a9,8f,9c,eb,8b,33
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2908)
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\progra~1\TNS Audit meter\iaudit_t.dll
d:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\OO Software\Defrag\oodag.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Fujitsu Siemens Computers\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\servicing\TrustedInstaller.exe
d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-06-20 23:43:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-20 21:43
Pre-Run: 53 603 074 048 bytes free
Post-Run: 53 542 842 368 bytes free
- - End Of File - - A5CDC8C1F35C76325525D742C04808AC
- Rudy
- Site Admin
- Posts: 119359
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Please check my log
4 items deleted, the rest of the log looks clean. Also try cleaning the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 10
- Registered: 10 Aug 2005 16:49
- Location: Banska Bystrica
Re: Please check my log
I cleaned it with CC and we'll see; if anything comes up I'll write here. I'll keep an eye on it for a while.
Thank you for the help, have a nice evening, or rather good night.
-
- Visitor
- Posts: 10
- Registered: 10 Aug 2005 16:49
- Location: Banska Bystrica
Re: Please check my log AGAIN :(
So the browser freezes again when it starts. It is unresponsive for about 20 s. The problem with Windows Explorer freezing seems to be gone, I think.
- Rudy
- Site Admin
- Posts: 119359
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Please check my log AGAIN :(
Run a GMER scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 and post both logs.
-
- Visitor
- Posts: 10
- Registered: 10 Aug 2005 16:49
- Location: Banska Bystrica
Re: Please check my log AGAIN :(
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-21 21:43:34
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Lubino\AppData\Local\Temp\awdyapoc.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85AEA1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbfiltr.sys
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-21 22:07:51
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Lubino\AppData\Local\Temp\awdyapoc.sys
---- System - GMER 1.0.15 ----
SSDT ABEB642B ZwLoadDriver
SSDT ABEB6430 ZwSetSystemInformation
SSDT ABEB63EF ZwTerminateProcess
SSDT ABEB63EA ZwWriteVirtualMemory
INT 0x72 ? 88636BF8
INT 0x82 ? 88636BF8
INT 0x92 ? 88636BF8
INT 0xA2 ? 85AE7BF8
INT 0xA2 ? 88636BF8
INT 0xA2 ? 88636BF8
INT 0xA2 ? 88636BF8
INT 0xA2 ? 85AE7BF8
INT 0xB2 ? 88636BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 37D 824B1AE0 4 Bytes [2B, 64, EB, AB] {SUB ESP, [EBX+EBP*8-0x55]}
.text ntkrnlpa.exe!KeSetEvent + 5DD 824B1D40 4 Bytes [30, 64, EB, AB] {XOR [EBX+EBP*8-0x55], AH}
.text ntkrnlpa.exe!KeSetEvent + 621 824B1D84 4 Bytes [EF, 63, EB, AB] {OUT DX, EAX; ARPL BX, BP; STOSD }
.text ntkrnlpa.exe!KeSetEvent + 681 824B1DE4 4 Bytes JMP D2ABEB63
? System32\Drivers\spdi.sys Systém nemôže nájsť zadanú cestu. !
.text USBPORT.SYS!DllUnload 8FFD041B 5 Bytes JMP 886361D8
.text ab63fbtc.SYS 908AB000 22 Bytes [82, 53, 7C, 82, 6C, 52, 7C, ...]
.text ab63fbtc.SYS 908AB017 95 Bytes [00, 32, B7, B8, 82, 3D, B5, ...]
.text ab63fbtc.SYS 908AB077 22 Bytes [82, 12, E4, 4E, 82, E3, E1, ...]
.text ab63fbtc.SYS 908AB08E 62 Bytes [44, 82, 84, 38, 45, 82, 30, ...]
.text ab63fbtc.SYS 908AB0CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ...
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xAD46A300, 0x25D4C, 0xE0000060]
---- User code sections - GMER 1.0.15 ----
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2596] kernel32.dll!SetUnhandledExceptionFilter 7639A84F 5 Bytes JMP 682E5164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE[2596] ole32.dll!OleLoadFromStream 76181E12 5 Bytes JMP 68D99D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A8F6D6] \SystemRoot\System32\Drivers\spdi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A8F042] \SystemRoot\System32\Drivers\spdi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A8F800] \SystemRoot\System32\Drivers\spdi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A8F0C0] \SystemRoot\System32\Drivers\spdi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A8F13E] \SystemRoot\System32\Drivers\spdi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A9EB90] \SystemRoot\System32\Drivers\spdi.sys
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortWritePortUchar] 83908D1F
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F908CF0
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\ab63fbtc.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7422A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74208395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [741DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7425CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85AEA1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbfiltr.sys
Device \Driver\volmgr \Device\VolMgrControl 85AE51F8
Device \Driver\sptd \Device\473127540 spdi.sys
Device \Driver\usbuhci \Device\USBPDO-0 886DB500
Device \Driver\usbuhci \Device\USBPDO-1 886DB500
Device \Driver\usbuhci \Device\USBPDO-2 886DB500
Device \Driver\PCI_PNP9527 \Device\00000053 spdi.sys
Device \Driver\usbehci \Device\USBPDO-3 886E0500
Device \Driver\usbuhci \Device\USBPDO-4 886DB500
Device \Driver\usbuhci \Device\USBPDO-5 886DB500
Device \Driver\usbuhci \Device\USBPDO-6 886DB500
Device \Driver\volmgr \Device\HarddiskVolume1 85AE51F8
Device \Driver\usbehci \Device\USBPDO-7 886E0500
Device \Driver\volmgr \Device\HarddiskVolume2 85AE51F8
Device \Driver\cdrom \Device\CdRom0 886A5500
Device \Driver\iaStor \Device\Ide\iaStor0 [8AA63420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8AA63420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8AA63420] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 85AE51F8
Device \Driver\netbt \Device\NetBt_Wins_Export 89E00500
Device \Driver\Smb \Device\NetbiosSmb 89FF51F8
Device \Driver\iScsiPrt \Device\RaidPort0 887731F8
Device \Driver\netbt \Device\NetBT_Tcpip_{9E75B1EF-0466-40E5-A1E9-0E680D700CE8} 89E00500
Device \Driver\usbuhci \Device\USBFDO-0 886DB500
Device \Driver\usbuhci \Device\USBFDO-1 886DB500
Device \Driver\usbuhci \Device\USBFDO-2 886DB500
Device \Driver\usbehci \Device\USBFDO-3 886E0500
Device \Driver\usbuhci \Device\USBFDO-4 886DB500
Device \Driver\usbuhci \Device\USBFDO-5 886DB500
Device \Driver\usbuhci \Device\USBFDO-6 886DB500
Device \Driver\usbehci \Device\USBFDO-7 886E0500
Device \Driver\ab63fbtc \Device\Scsi\ab63fbtc1 886DA500
Device \FileSystem\cdfs \Cdfs 8A6A32F0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x14 0xF1 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xC3 0xC6 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x3F 0x77 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xDC 0x42 0x77 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB2 0x58 0xB1 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x97 0x52 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0x47 0xF7 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x14 0xF1 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xC3 0xC6 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x3F 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xDC 0x42 0x77 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB2 0x58 0xB1 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x97 0x52 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0x47 0xF7 0x37 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@ProductFiles 1020599086
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@WORDFiles 1020597297
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@EXCELFiles 1020595441
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL E949EA41E16BD0025AA3545B746B28157939B7485F3C01949FABB4254D55A0B1A141CBFE721EC9BA4DCE1B1B99C1BD938CF8A522495A507881BF2F85675B889BC258254785DED28B23DB9C8A2135C5EB01455A6E8DCBF2FEB3B7ED45DC60C8FC0024DA8F5E05093D9B2D55D02DF7C4ACC8EA0B2C5342751BFAEF7F5872B119CF88ACF45F031CEB6EF91765AB2770253C582C116D83214A179A361747B15195DF94EB9E52FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C9DB7CE019D40AA5CA2D97226D213B555A4AA110C064119A7551FF8802B24CF4AF1C4F220C2B3916BBEABD8C28A4DF33866AA7AEC9367955BF5160326372E41774FC46A1DA16EB201BF63F6286153D7D61D94CE0692F23139706E1E7B94A83A81B6B8C6B8D04464BE3382A2958F879F0BC787589660EBF8C0E562BCC49048BFFD8D96C25CAE37C4ED5DDD813BA454A2F02C52C5345F4C9907BDDEB51F7DB377937A87FDC59F3993EC45FB1C1C381EDBBCD379AA4674836832218545F4B308AFFE686C7F090B35372BB818618FE0B966348CB7FA0C0A735B7DFEAC0B0A8D55561107562E8CDD08B7AFC5A3A0C3BAF08632E5F612140E750DB889DC8AF2681F012E490C560B8683429242BF10B56783A12336D8AF44F0533CC63653A99
---- EOF - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x14 0xF1 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xC3 0xC6 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x3F 0x77 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xDC 0x42 0x77 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB2 0x58 0xB1 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x97 0x52 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0x47 0xF7 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0x14 0xF1 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xC3 0xC6 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA2 0x3F 0x77 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xDC 0x42 0x77 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB2 0x58 0xB1 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8B 0x97 0x52 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0x47 0xF7 0x37 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@ProductFiles 1020599086
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@WORDFiles 1020597297
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@EXCELFiles 1020595441
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL E949EA41E16BD0025AA3545B746B28157939B7485F3C01949FABB4254D55A0B1A141CBFE721EC9BA4DCE1B1B99C1BD938CF8A522495A507881BF2F85675B889BC258254785DED28B23DB9C8A2135C5EB01455A6E8DCBF2FEB3B7ED45DC60C8FC0024DA8F5E05093D9B2D55D02DF7C4ACC8EA0B2C5342751BFAEF7F5872B119CF88ACF45F031CEB6EF91765AB2770253C582C116D83214A179A361747B15195DF94EB9E52FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C9DB7CE019D40AA5CA2D97226D213B555A4AA110C064119A7551FF8802B24CF4AF1C4F220C2B3916BBEABD8C28A4DF33866AA7AEC9367955BF5160326372E41774FC46A1DA16EB201BF63F6286153D7D61D94CE0692F23139706E1E7B94A83A81B6B8C6B8D04464BE3382A2958F879F0BC787589660EBF8C0E562BCC49048BFFD8D96C25CAE37C4ED5DDD813BA454A2F02C52C5345F4C9907BDDEB51F7DB377937A87FDC59F3993EC45FB1C1C381EDBBCD379AA4674836832218545F4B308AFFE686C7F090B35372BB818618FE0B966348CB7FA0C0A735B7DFEAC0B0A8D55561107562E8CDD08B7AFC5A3A0C3BAF08632E5F612140E750DB889DC8AF2681F012E490C560B8683429242BF10B56783A12336D8AF44F0533CC63653A99
---- EOF - GMER 1.0.15 ----
- Rudy
- Site Admin
- Posts: 119359
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check AGAIN :(
You do not have a rootkit on the system. What did you install just before the problem appeared?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 10
- Registered: 10 Aug 2005 16:49
- Location: Banska Bystrica
Re: Requesting a log check AGAIN :(
That's just it, I don't remember, because it's a longer-standing problem. The problem with the browser (Opera) has been going on longer, and the Explorer freezing is new; it happened today too for a few seconds, it froze right after I started Word. Could it have something to do with the fact that I have Wubi installed on the PC? It's a Linux that works like a Windows app and installs itself without formatting.
- Rudy
- Site Admin
- Posts: 119359
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check AGAIN :(
In that case I recommend optimizing with Vista Manager: http://www.studna.cz/vista-manager-p-6753.html . As for Opera, the two may be related somehow. You can find out more about Opera issues at: http://www.operacesky.net/forum/ . I don't think Linux is to blame. Before optimizing, I recommend cleaning the junk out of the system with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .