Preventivka

Zpráva

Kastab · #1 Příspěvek od **Kastab** » 19 zář 2012 06:30

Poprosím a zkontrolování mého logu, mockrát děkuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-09-19 07:29:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 245 GB (80%) free of 305 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:29:28, on 19.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\windows\system32\msiexec.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\Administrator.exe
C:\windows\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe

--
End of file - 4774 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-436374069-1202660629-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-436374069-1202660629-500UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-13 4120256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-08-11 77824]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-08-30 15512424]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-08-30 1634112]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Administrator\Data aplikací\Google\Update\GoogleUpdate.exe [2012-09-14 116648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-09-14 895376]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Garena Plus\Room\garena_room.exe"="C:\Program Files\Garena Plus\Room\garena_room.exe:*:Enabled:Garena"
"C:\Gamesy\killingfloor\System\KillingFloor.exe"="C:\Gamesy\killingfloor\System\KillingFloor.exe:*:Enabled:KillingFloor"
"C:\Gamesy\Killing Floor\KillingFloor\System\KillingFloor.exe"="C:\Gamesy\Killing Floor\KillingFloor\System\KillingFloor.exe:*:Enabled:KillingFloor"
"C:\Gamesy\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Gamesy\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Gamesy\Left4Dead\hl2.exe"="C:\Gamesy\Left4Dead\hl2.exe:*:Enabled:hl2"
"C:\Gamesy\Left4Dead\left4dead.exe"="C:\Gamesy\Left4Dead\left4dead.exe:*:Enabled:left4dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\windows\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\windows\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======List of files/folders created in the last 1 month======

2012-09-19 07:29:16 ----D---- C:\Program Files\trend micro
2012-09-19 07:29:15 ----D---- C:\rsit
2012-09-18 20:05:47 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2012-09-18 20:05:36 ----RD---- C:\Program Files\Skype
2012-09-18 20:05:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-09-16 17:58:25 ----A---- C:\Documents and Settings\Administrator\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-16 13:54:32 ----D---- C:\Documents and Settings\Administrator\Data aplikací\My Battle for Middle-earth(tm) II Files
2012-09-16 13:28:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PhotoFiltre Studio X
2012-09-16 13:28:05 ----D---- C:\Program Files\PhotoFiltre Studio X
2012-09-16 13:23:14 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2012-09-16 13:23:10 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2012-09-16 13:22:35 ----A---- C:\WINDOWS\system32\ptpusb.dll
2012-09-16 13:22:34 ----A---- C:\WINDOWS\system32\ptpusd.dll
2012-09-16 13:22:34 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2012-09-16 13:13:01 ----D---- C:\WINDOWS\system32\NtmsData
2012-09-16 12:56:58 ----A---- C:\WINDOWS\system32\btw_ci.dll
2012-09-16 11:43:22 ----D---- C:\WINDOWS\RegisteredPackages
2012-09-16 11:42:52 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2012-09-16 11:42:47 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2012-09-16 11:10:53 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2012-09-16 11:10:48 ----D---- C:\WINDOWS\system32\Lang
2012-09-16 10:53:14 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia
2012-09-16 10:53:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2012-09-16 10:53:13 ----D---- C:\Documents and Settings\Administrator\Data aplikací\PC Suite
2012-09-16 10:50:56 ----D---- C:\Program Files\Common Files\PCSuite
2012-09-16 10:50:47 ----D---- C:\Program Files\Common Files\Nokia
2012-09-16 10:50:37 ----D---- C:\Program Files\DIFX
2012-09-16 10:50:35 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2012-09-16 10:50:24 ----D---- C:\Program Files\PC Connectivity Solution
2012-09-16 10:50:16 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2012-09-16 10:50:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-09-16 10:50:14 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2012-09-16 10:50:14 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2012-09-16 10:50:14 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2012-09-16 10:50:14 ----A---- C:\WINDOWS\system32\ccdcmbwu.dll
2012-09-16 10:50:13 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2012-09-16 10:50:11 ----D---- C:\Program Files\Nokia
2012-09-16 10:49:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2012-09-15 13:15:49 ----D---- C:\WINDOWS\SxsCaPendDel
2012-09-15 12:44:04 ----A---- C:\WINDOWS\War3Unin.dat
2012-09-15 12:44:03 ----A---- C:\WINDOWS\War3Unin.pif
2012-09-15 12:44:03 ----A---- C:\WINDOWS\War3Unin.exe
2012-09-15 10:58:54 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GRETECH
2012-09-15 10:56:26 ----D---- C:\Program Files\GRETECH
2012-09-15 10:02:03 ----A---- C:\Documents and Settings\Administrator\Data aplikací\room_v3.dat
2012-09-15 08:44:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\GarenaPlus
2012-09-15 08:41:34 ----D---- C:\Program Files\Garena Plus
2012-09-15 08:41:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\GarenaMessenger
2012-09-15 08:22:55 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2012-09-15 08:22:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2012-09-15 08:22:30 ----D---- C:\Program Files\DAEMON Tools Lite
2012-09-15 08:21:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2012-09-15 08:20:11 ----D---- C:\Gamesy
2012-09-14 23:52:16 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-09-14 23:50:58 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2012-09-14 23:50:56 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-09-14 23:39:45 ----A---- C:\Documents and Settings\Administrator\Data aplikací\GDIPFONTCACHEV1.DAT
2012-09-14 23:36:49 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2012-09-14 23:34:08 ----D---- C:\Program Files\MSBuild
2012-09-14 23:34:03 ----D---- C:\WINDOWS\system32\XPSViewer
2012-09-14 23:33:58 ----D---- C:\WINDOWS\system32\en-us
2012-09-14 23:33:57 ----D---- C:\Program Files\Reference Assemblies
2012-09-14 23:29:49 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-09-14 23:29:48 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-09-14 23:29:46 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-09-14 23:29:46 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-09-14 23:29:45 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-09-14 23:29:44 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-09-14 23:29:44 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-09-14 23:29:43 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-09-14 23:29:19 ----A---- C:\WINDOWS\avastSS.scr
2012-09-14 23:29:18 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-09-14 23:28:58 ----D---- C:\Program Files\AVAST Software
2012-09-14 23:28:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-09-14 23:15:43 ----N---- C:\WINDOWS\system32\spmsg2.dll
2012-09-14 23:15:41 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2012-09-14 23:15:15 ----RSD---- C:\WINDOWS\assembly
2012-09-14 23:14:59 ----D---- C:\WINDOWS\Microsoft.NET
2012-09-14 23:11:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
2012-09-14 23:10:25 ----D---- C:\temp
2012-09-14 23:09:56 ----A---- C:\WINDOWS\system32\nvhdap32.dll
2012-09-14 23:09:56 ----A---- C:\WINDOWS\system32\nvhdagenco3220103.dll
2012-09-14 23:09:56 ----A---- C:\WINDOWS\system32\drivers\nvhda32.sys
2012-09-14 23:09:54 ----A---- C:\WINDOWS\system32\nvopencl.dll
2012-09-14 23:09:54 ----A---- C:\WINDOWS\system32\nvdispgenco32.dll
2012-09-14 23:09:54 ----A---- C:\WINDOWS\system32\nvdispco32.dll
2012-09-14 23:09:52 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2012-09-14 23:09:52 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2012-09-14 23:09:52 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2012-09-14 23:09:52 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2012-09-14 23:09:51 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2012-09-14 23:09:51 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2012-09-14 23:09:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2012-09-14 23:09:50 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2012-09-14 23:09:50 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2012-09-14 23:09:50 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2012-09-14 23:09:50 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2012-09-14 23:09:50 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2012-09-14 23:09:50 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2012-09-14 23:09:49 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2012-09-14 23:09:49 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2012-09-14 23:09:49 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2012-09-14 23:09:48 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2012-09-14 23:09:48 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2012-09-14 23:09:47 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2012-09-14 23:09:08 ----D---- C:\NVIDIA
2012-09-14 23:05:01 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-09-14 23:02:45 ----D---- C:\Program Files\uTorrent
2012-09-14 23:02:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2012-09-14 23:01:58 ----D---- C:\Program Files\CCleaner
2012-09-14 23:01:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
2012-09-14 23:01:33 ----D---- C:\Program Files\WinRAR
2012-09-14 22:53:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Google
2012-09-14 22:52:46 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-09-14 22:52:45 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

======List of files/folders modified in the last 1 month======

2012-09-19 07:29:24 ----SHD---- C:\WINDOWS\Installer
2012-09-19 07:29:24 ----D---- C:\WINDOWS\Prefetch
2012-09-19 07:29:16 ----RD---- C:\Program Files
2012-09-19 07:27:19 ----D---- C:\WINDOWS\Temp
2012-09-18 20:05:37 ----D---- C:\Program Files\Common Files
2012-09-18 19:42:16 ----D---- C:\WINDOWS\system32
2012-09-18 19:42:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-09-18 12:14:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-18 12:14:02 ----D---- C:\WINDOWS
2012-09-18 08:50:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-16 21:01:49 ----D---- C:\WINDOWS\WinSxS
2012-09-16 21:01:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-09-16 13:24:11 ----D---- C:\WINDOWS\system32\CatRoot
2012-09-16 13:23:22 ----D---- C:\WINDOWS\system32\drivers
2012-09-16 13:23:18 ----HD---- C:\WINDOWS\inf
2012-09-16 13:22:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-16 11:42:32 ----D---- C:\WINDOWS\system32\DirectX
2012-09-16 11:21:08 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-09-15 19:48:31 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2012-09-15 08:20:24 ----D---- C:\Acpi
2012-09-14 23:44:23 ----D---- C:\WINDOWS\SoftwareDistribution
2012-09-14 23:44:23 ----D---- C:\WINDOWS\Minidump
2012-09-14 23:44:23 ----D---- C:\WINDOWS\Debug
2012-09-14 23:36:32 ----D---- C:\WINDOWS\system32\cs-cz
2012-09-14 23:36:16 ----D---- C:\WINDOWS\system32\mui
2012-09-14 23:34:06 ----RSD---- C:\WINDOWS\Fonts
2012-09-14 23:29:44 ----SD---- C:\WINDOWS\Tasks
2012-09-14 23:15:48 ----D---- C:\WINDOWS\system32\spool
2012-09-14 23:15:03 ----D---- C:\Program Files\Internet Explorer
2012-09-14 23:14:59 ----D---- C:\WINDOWS\pchealth
2012-09-14 23:12:07 ----D---- C:\WINDOWS\Help
2012-09-14 23:11:13 ----D---- C:\Documents and Settings
2012-09-14 23:11:11 ----D---- C:\Program Files\NVIDIA Corporation
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2012-08-30 21:10:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2012-08-30 18:44:07 ----A---- C:\WINDOWS\system32\nvwddi.dll
2012-08-30 18:43:36 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2012-08-30 18:43:36 ----A---- C:\WINDOWS\system32\nvcpl.dll
2012-08-30 18:43:34 ----A---- C:\WINDOWS\system32\nvmctray.dll
2012-08-30 18:43:34 ----A---- C:\WINDOWS\system32\nvcolor.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-08-21 25256]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-08-21 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-08-21 729752]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-08-21 355632]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-08-21 54232]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-09-15 242240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-08-21 21256]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-08-21 97608]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-11 2324480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-08-30 12555680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-01-13 33408]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2012-07-03 124264]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-01-13 12928]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btkrnl;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2009-09-24 22528]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-08-30 164200]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 19 zář 2012 07:22

Zdravim.

Proc by to mel nekdo kontrolovat, kdyz se na to pak stejne vykaslete

http://forum.viry.cz/viewtopic.php?f=30&t=124311

Kastab · #3 Příspěvek od **Kastab** » 19 zář 2012 19:19

Jo omlouvám se, jsem zapoměl opomenout. Já znova reinstaloval windows, protože jsem měl problém se souborem pod názvem isas.exe po startu systému.

#4 Příspěvek od **Márty84** » 20 zář 2012 09:11

Dobra tedy. Ale upozornuju, ze jestli to nedokoncite (aspon nedate vedet, ze uz to nehodlate resit), priste to nikdo kontrolovat nebude. Nebylo to totiz poprve. OK?

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
Skype C2C Service

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-436374069-1202660629-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-436374069-1202660629-500UA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
"NvMediaCenter"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"uTorrent"=-
"DAEMON Tools Lite"=-
"PC Suite Tray"=-

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

Udelejte !!!uplnou!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Kastab · #5 Příspěvek od **Kastab** » 20 zář 2012 12:28

Udělal jsem vše co jste napsal.

Mbam log =

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: XXX-22E4A69236C [administrátor]

20.9.2012 12:48:25
mbam-log-2012-09-20 (12-48-25).txt

Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 233719
Uplynulý čas: 12 minut, 21 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

#6 Příspěvek od **Márty84** » 20 zář 2012 18:07

A kde mam ten log z OTM?

Edit by Motji//
Pro neaktivitu v tomto vlákně zamykám . Pro případné odemknutí topicu kontaktu některého z moderátorů na email.

VIRY.CZ

Preventivka

Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka

Re: Preventivka