Prosím o kontrolu, děkuji.

[Matthew147]

Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-06-11 15:36:13
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 377 GB (53%) free of 715 GB
Total RAM: 4094 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:14, on 11.6.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\uživatel\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\uživatel\Desktop\Matthew\Programy\RSIT.exe
C:\Program Files (x86)\trend micro\uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8437 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1722542059-2570707047-3803899398-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1722542059-2570707047-3803899398-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-09-02 1218560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-09-02 1218560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"GAINWARD"=C:\Program Files (x86)\EXPERTool\TBPanel.exe [2009-02-03 2181672]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-09-13 3055616]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-10-02 306088]
"Google Update"=C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
"Sony Ericsson PC Suite"=C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]

C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b9354e-25fa-11df-861f-0023541d138f}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45997290-9d3c-11de-b26a-0023541d138f}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b9c1cc2-66e9-11de-b400-806e6f6e6963}]
shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8c18548-3822-11df-985b-0023541d138f}]
shell\AutoRun\command - J:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a561b2-ca0d-11de-b1f0-0023541d138f}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-10 21:53:59 ----D---- C:\Program Files (x86)\World of Goo
2010-06-10 20:01:21 ----D---- C:\ProgramData\2DBoy
2010-06-10 20:01:04 ----D---- C:\Program Files (x86)\WorldOfGooDemo
2010-06-09 07:01:52 ----A---- C:\Windows\system32\atmlib.dll
2010-06-09 07:01:52 ----A---- C:\Windows\system32\atmfd.dll
2010-06-09 07:01:49 ----A---- C:\Windows\system32\mshtml.dll
2010-06-09 07:01:48 ----A---- C:\Windows\system32\ieframe.dll
2010-06-09 07:01:47 ----A---- C:\Windows\system32\wininet.dll
2010-06-09 07:01:47 ----A---- C:\Windows\system32\urlmon.dll
2010-06-09 07:01:47 ----A---- C:\Windows\system32\iertutil.dll
2010-06-09 07:01:46 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-09 07:01:45 ----A---- C:\Windows\system32\occache.dll
2010-06-09 07:01:45 ----A---- C:\Windows\system32\mstime.dll
2010-06-09 07:01:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-09 07:01:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-09 07:01:44 ----A---- C:\Windows\system32\ieui.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iesetup.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iernonce.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iepeers.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-09 07:01:29 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-06 14:14:46 ----D---- C:\Program Files (x86)\Czech Soccer Manager 2002 FE
2010-05-26 14:13:24 ----A---- C:\Windows\system32\tzres.dll
2010-05-22 20:43:44 ----D---- C:\ProgramData\KONAMI
2010-05-22 20:43:44 ----D---- C:\Program Files (x86)\KONAMI
2010-05-12 06:09:39 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 months======

2010-06-11 15:36:13 ----D---- C:\Windows\Temp
2010-06-11 15:36:13 ----D---- C:\Program Files (x86)\trend micro
2010-06-11 13:24:01 ----D---- C:\Windows\System32
2010-06-11 13:24:01 ----D---- C:\Windows\inf
2010-06-11 13:20:59 ----D---- C:\ProgramData\Spyware Terminator
2010-06-10 21:59:16 ----D---- C:\Users\uživatel\AppData\Roaming\Skype
2010-06-10 21:53:59 ----RD---- C:\Program Files (x86)
2010-06-10 20:49:53 ----D---- C:\Windows\Prefetch
2010-06-10 20:01:21 ----HD---- C:\ProgramData
2010-06-10 17:16:52 ----D---- C:\Users\uživatel\AppData\Roaming\skypePM
2010-06-09 20:36:36 ----D---- C:\Program Files (x86)\World of Wacraft
2010-06-09 15:14:12 ----D---- C:\Windows\Debug
2010-06-09 15:14:12 ----D---- C:\Windows
2010-06-09 14:42:27 ----D---- C:\Windows\winsxs
2010-06-09 14:30:59 ----D---- C:\Windows\SysWOW64
2010-06-09 14:30:59 ----D---- C:\Windows\system32\migration
2010-06-09 14:30:59 ----D---- C:\Program Files (x86)\Internet Explorer
2010-06-09 14:30:57 ----D---- C:\Program Files (x86)\Windows Mail
2010-06-09 07:27:22 ----D---- C:\Windows\Microsoft.NET
2010-06-09 07:27:11 ----RSD---- C:\Windows\assembly
2010-06-09 07:25:01 ----D---- C:\Windows\system32\wbem
2010-06-09 07:24:09 ----SHD---- C:\System Volume Information
2010-06-07 14:47:43 ----D---- C:\ProgramData\Ubisoft
2010-06-07 07:08:51 ----SHD---- C:\Windows\Installer
2010-06-07 06:55:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-06-07 06:55:00 ----D---- C:\Program Files (x86)\Ubisoft
2010-05-30 02:32:24 ----D---- C:\Program Files (x86)\Warcraft III
2010-05-29 23:54:50 ----D---- C:\Program Files (x86)\Garena
2010-05-27 14:36:37 ----D---- C:\Windows\rescache
2010-05-26 21:53:52 ----D---- C:\Windows\system32\cs-CZ
2010-05-16 13:04:39 ----D---- C:\Program Files (x86)\Electronic Arts
2010-05-12 19:57:27 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 ab792g9h;ab792g9h; C:\Windows\system32\drivers\ab792g9h.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\Windows\system32\DRIVERS\s1039bus.sys []
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1039mdfl.sys []
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1039mdm.sys []
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1039mgmt.sys []
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1039nd5.sys []
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1039obex.sys []
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1039unic.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-10-15 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2009-09-13 487424]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-17 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-11-04 320760]

-----------------EOF-----------------
Děkuji za kontrolu.

[Caroprd111]

Zdravím


Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

• Spusťte, poté klikněte na Deletion.
• Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[Matthew147]

Dobrý večír, Avast mi nahlásil USBfix jako vir, po stáhnutí mi nešel otevřít.

[vyosek]

Zdravim, zaskocim za kolegu...

Vypnete Avast a stahnete USBFix - jedna se o falesny poplach Avastu.
Pripadne jej stahnete odsud http://leteckaposta.cz/uploaded/296134865, rozbalte a postu stejny...

[Matthew147]

############################## | UsbFix 7.006 | [Deletion]

User: uživatel (Administrator) # UŽIVATEL-PC [System manufacturer P5Q SE]
Updated 07/06/10 by El Desaparecido / C_XX
Started at 10:33:04 | 12/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 64-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18928

Windows Firewall: Enabled

RAM -> 4094 Mb
C:\ (%systemdrive%) -> Fixed drive # 699 Gb (339 Mb free - 49%) [] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM

################## | Files # Infected Folders |

Not deleted ! D:\Autorun.inf
Deleted ! C:\$Recycle.Bin\S-1-5-21-1722542059-2570707047-3803899398-1000

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{44b9354e-25fa-11df-861f-0023541d138f}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{4b9c1cc2-66e9-11de-b400-806e6f6e6963}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{e8c18548-3822-11df-985b-0023541d138f}

################## | Listing |

[12/06/2010 - 10:35:09 | SHD ] C:\$Recycle.Bin
[23/03/2009 - 17:40:20 | D ] C:\3DMARK06
[09/08/2009 - 10:49:38 | D ] C:\8acdf013700268171aa9e1
[17/11/2009 - 17:01:02 | D ] C:\Adobe Photoshop
[01/11/2009 - 20:45:14 | A | 485075257] C:\Adobe Photoshop.rar
[03/07/2009 - 18:15:33 | D ] C:\ATI
[02/07/2009 - 15:27:53 | SHD ] C:\Boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[23/03/2009 - 16:58:21 | RAS | 8192] C:\BOOTSECT.BAK
[02/11/2006 - 17:42:17 | SHD ] C:\Documents and Settings
[15/01/2010 - 18:07:09 | D ] C:\Dovolenka3komplet
[07/11/2009 - 15:08:48 | D ] C:\Fraps
[27/02/2010 - 01:27:47 | D ] C:\games
[23/03/2009 - 17:13:19 | D ] C:\Intel
[15/09/2009 - 19:06:09 | A | 2686] C:\LGSInst.Log
[01/12/2006 - 23:37:14 | A | 904704] C:\msdia80.dll
[02/07/2009 - 16:20:57 | D ] C:\NVIDIA
[12/06/2010 - 10:11:49 | ASH | 4607569920] C:\pagefile.sys
[21/01/2008 - 05:04:13 | D ] C:\PerfLogs
[25/04/2010 - 15:14:30 | RD ] C:\Program Files
[10/06/2010 - 21:53:59 | RD ] C:\Program Files (x86)
[10/06/2010 - 20:01:21 | HD ] C:\ProgramData
[06/04/2010 - 14:52:19 | D ] C:\rsit
[12/06/2010 - 01:48:42 | SHD ] C:\System Volume Information
[09/09/2009 - 14:57:08 | D ] C:\totalcmd
[12/06/2010 - 10:35:09 | D ] C:\UsbFix
[12/06/2010 - 10:35:09 | A | 2473] C:\UsbFix.txt
[23/03/2009 - 17:07:49 | RD ] C:\Users
[30/10/2009 - 13:42:51 | D ] C:\VDM
[09/06/2010 - 15:14:12 | D ] C:\Windows
[15/11/2008 - 11:45:09 | RAD ] D:\GTAIV
[15/11/2008 - 11:45:19 | RAD ] D:\RGSC
[15/11/2008 - 11:52:50 | RA | 161088] D:\Autorun.exe
[11/10/2008 - 19:03:48 | RA | 54] D:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_UŽIVATEL-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

OTL dodám později, protože když jsem dělal kontrolu přes noc a ráno jsem přišel, tak mi to akorát napsalo Program Neodpovídá.

[Matthew147]

Tak OTL mi pořád nejde... sekne se při té kontrole a nic se neděje.

[Caroprd111]

Zdravím

Zkuste spustit OTL v nouzovém režimu.
Prohledávání někdy trvá dlouho. Program se někdy tváří se jakoby zaseknutý, ale pracuje dál.

[Matthew147]

Nouzový režim zapnu při restartování počítače? a na normální nastavím stejně? Promiňte, za moji blbost.

[Caroprd111]

Po restartu mačkejte F8 a vyberte "Nouzový režim s prací v síti". Poté PC restartujete a on se spustí normální režim.

[Matthew147]

Hezké odpoledne, v nouzovém režimu jsem se snažil to udělat, ale zase se mi to seklo při zipfr.dll... přišel jsem po hodince a pořád tam byl OTL neodpovídá.

[Caroprd111]

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[Matthew147]

Přesný název toho při čem se to sekne, je zipfldr.dll ve Windows/system32.

[Caroprd111]

Ok

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

[Matthew147]

Já jsem ho dělal už předtím a pořád se dělá... tak jsem chtěl informovat předtím...

[Caroprd111]

Počkám na log z MBAM.