Moc prosim o kontrolu logu - problem se spoustenim her/prog.

[Sweden]

Zdravicko
mam problem s programy a hry v pripade hry (online) resim problem i s tvurci (support centrum) vse vypada v poradku ale pri spusteni zcerna obrazovka a pak vse spadne moc prosim jestli by se mi nekdo nepodival na log a popripade neporadil s opravou dekuji

(Logfile of random's system information tool 1.08 (written by random/random)
Run by Sweden at 2010-12-25 16:25:25
Microsoft Windows 7 Home Premium
System drive C: has 210 GB (84%) free of 250 GB
Total RAM: 8191 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:25:32, on 25.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Sweden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8305 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
"C:\Program Files (x86)\AVG\AVG9\avgchsva.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
"C:\Program Files (x86)\AVG\AVG9\avgrsa.exe"
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
/pipeName=790b0150-3f8b-4a58-817e-4b03f19936cf /coreSdkOptions=30 /logConfFile="C:\ProgramData\avg9\temp\5d4b8301-84b2-44fc-a9c6-30251b6bd9a2-208-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG9\" /tempPath="C:\ProgramData\avg9\temp\"
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe"
"taskhost.exe"
"C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-16e62161-7171-407d-b251-62ac0f22a085 -SystemEventPortName:HostProcess-43429358-8088-43d9-bcc0-2829b9bb3739 -IoCancelEventPortName:HostProcess-dbd33a4f-52a6-467d-a11f-980c79ade983 -NonStateChangingEventPortName:HostProcess-cbf747e8-e9d2-4456-b40e-88a72a08615c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7d59cd80-6e8b-47f9-a338-b0522715d92c
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
"C:\Program Files (x86)\AVG\AVG9\avgtray.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2716.b2bfbe0.1940754783 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 2716 plugin \\.\pipe\gecko-crash-server-pipe.2716
C:\Windows\system32\sppsvc.exe
"C:\Users\Sweden\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll [2010-11-24 2334560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll [2010-06-13 2734688]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-06 8158240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"RemoteControl"=C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"LGODDFU"=C:\Program Files (x86)\lg_fwupdate\fwupdate.exe blrun []
"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-05-07 210216]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-11-24 2069344]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrssta.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\hry\Loki\Loki.exe"="D:\hry\Loki\Loki.exe:*:Enabled:Loki"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-25 16:25:25 ----D---- C:\rsit
2010-12-25 16:25:25 ----D---- C:\Program Files\trend micro
2010-12-25 16:22:13 ----D---- C:\Windows\Minidump
2010-12-25 10:16:42 ----A---- C:\Windows\SYSWOW64\unrar.dll
2010-12-25 10:16:39 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2010-12-24 23:06:49 ----D---- C:\Program Files (x86)\oZone3D
2010-12-24 21:08:21 ----D---- C:\Games
2010-12-24 20:47:48 ----A---- C:\Windows\system32\drivers\usbfilter.sys
2010-12-24 20:47:47 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-24 20:47:47 ----D---- C:\Program Files (x86)\AMD
2010-12-24 20:26:41 ----A---- C:\Windows\system32\RtNicProp64.dll
2010-12-24 20:26:41 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2010-12-24 20:23:40 ----D---- C:\Program Files\MSI
2010-12-23 23:38:01 ----D---- C:\ProgramData\ATI
2010-12-17 08:37:16 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-17 08:37:16 ----A---- C:\Windows\system32\tzres.dll
2010-12-17 08:37:12 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-17 08:37:12 ----A---- C:\Windows\system32\taskschd.dll
2010-12-17 08:37:12 ----A---- C:\Windows\system32\taskeng.exe
2010-12-17 08:37:12 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-17 08:37:11 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-17 08:37:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-17 08:37:11 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-17 08:37:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-17 08:37:11 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-17 08:37:11 ----A---- C:\Windows\system32\schtasks.exe
2010-12-17 08:37:10 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-17 08:37:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-17 08:37:10 ----A---- C:\Windows\system32\atmlib.dll
2010-12-17 08:37:10 ----A---- C:\Windows\system32\atmfd.dll
2010-12-17 08:37:09 ----A---- C:\Windows\system32\win32k.sys
2010-12-17 08:37:08 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-17 08:37:08 ----A---- C:\Windows\system32\webio.dll
2010-12-17 08:37:06 ----A---- C:\Windows\system32\consent.exe
2010-12-17 08:37:03 ----A---- C:\Windows\system32\mshtml.dll
2010-12-17 08:37:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-17 08:37:01 ----A---- C:\Windows\system32\iertutil.dll
2010-12-17 08:37:00 ----A---- C:\Windows\system32\mstime.dll
2010-12-17 08:37:00 ----A---- C:\Windows\system32\ieframe.dll
2010-12-17 08:36:59 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-17 08:36:58 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-17 08:36:58 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-17 08:36:57 ----A---- C:\Windows\system32\wininet.dll
2010-12-17 08:36:56 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-17 08:36:56 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-17 08:36:56 ----A---- C:\Windows\system32\urlmon.dll
2010-12-17 08:36:56 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-17 08:36:54 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-17 08:36:54 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-17 08:36:54 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-17 08:36:53 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-17 08:36:53 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-17 08:36:53 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-17 08:36:53 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-17 08:36:53 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-17 08:36:53 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-17 08:36:53 ----A---- C:\Windows\system32\ieui.dll
2010-12-17 08:36:53 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 22:19:50 ----A---- C:\Windows\doom3.ini
2010-12-15 22:15:58 ----D---- C:\Program Files (x86)\DOOM 3
2010-11-26 05:20:20 ----A---- C:\Windows\system32\drivers\atikmdag.sys
2010-11-26 04:19:32 ----A---- C:\Windows\system32\atio6axx.dll
2010-11-26 04:02:08 ----A---- C:\Windows\SYSWOW64\atioglxx.dll
2010-11-26 03:58:22 ----A---- C:\Windows\system32\atiapfxx.exe
2010-11-26 03:58:12 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2010-11-26 03:54:58 ----A---- C:\Windows\system32\ATIDEMGX.dll
2010-11-26 03:54:48 ----A---- C:\Windows\system32\atieclxx.exe
2010-11-26 03:54:12 ----A---- C:\Windows\system32\atiesrxx.exe
2010-11-26 03:53:00 ----A---- C:\Windows\system32\atitmm64.dll
2010-11-26 03:52:42 ----A---- C:\Windows\system32\atipdl64.dll
2010-11-26 03:52:36 ----A---- C:\Windows\SYSWOW64\atipdlxx.dll
2010-11-26 03:52:26 ----A---- C:\Windows\SYSWOW64\Oemdspif.dll
2010-11-26 03:52:20 ----A---- C:\Windows\system32\atimuixx.dll
2010-11-26 03:52:16 ----A---- C:\Windows\system32\atiedu64.dll
2010-11-26 03:52:10 ----A---- C:\Windows\SYSWOW64\ati2edxx.dll
2010-11-26 03:49:04 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2010-11-26 03:30:20 ----A---- C:\Windows\SYSWOW64\atiumdag.dll
2010-11-26 03:30:20 ----A---- C:\Windows\system32\aticalrt64.dll
2010-11-26 03:30:18 ----A---- C:\Windows\SYSWOW64\aticalrt.dll
2010-11-26 03:30:10 ----A---- C:\Windows\system32\aticalcl64.dll
2010-11-26 03:30:08 ----A---- C:\Windows\SYSWOW64\aticalcl.dll
2010-11-26 03:29:58 ----A---- C:\Windows\system32\aticaldd64.dll
2010-11-26 03:29:52 ----A---- C:\Windows\system32\atiumd6a.dll
2010-11-26 03:28:44 ----A---- C:\Windows\SYSWOW64\aticaldd.dll
2010-11-26 03:24:06 ----A---- C:\Windows\system32\atiumd64.dll
2010-11-26 03:22:26 ----A---- C:\Windows\SYSWOW64\atiumdva.dll
2010-11-26 03:17:28 ----A---- C:\Windows\system32\atiadlxx.dll
2010-11-26 03:17:20 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2010-11-26 03:17:08 ----A---- C:\Windows\system32\atig6pxx.dll
2010-11-26 03:17:04 ----A---- C:\Windows\SYSWOW64\atiglpxx.dll
2010-11-26 03:17:04 ----A---- C:\Windows\system32\atiglpxx.dll
2010-11-26 03:17:00 ----A---- C:\Windows\system32\atig6txx.dll
2010-11-26 03:16:54 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2010-11-26 03:16:46 ----A---- C:\Windows\system32\drivers\atikmpag.sys
2010-11-26 03:15:58 ----A---- C:\Windows\SYSWOW64\atiuxpag.dll
2010-11-26 03:15:42 ----A---- C:\Windows\SYSWOW64\atiu9pag.dll
2010-11-26 03:15:00 ----A---- C:\Windows\system32\drivers\ati2erec.dll
2010-11-26 03:09:18 ----A---- C:\Windows\system32\atimpc64.dll
2010-11-26 03:09:18 ----A---- C:\Windows\system32\amdpcom64.dll
2010-11-26 03:09:12 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2010-11-26 03:09:12 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll

======List of files/folders modified in the last 1 months======

2010-12-25 16:25:33 ----D---- C:\Windows\Prefetch
2010-12-25 16:25:25 ----RD---- C:\Program Files
2010-12-25 16:22:38 ----D---- C:\Windows\Temp
2010-12-25 16:22:13 ----D---- C:\Windows
2010-12-25 16:11:54 ----D---- C:\Windows\LiveKernelReports
2010-12-25 14:23:42 ----D---- C:\Windows\system32\config
2010-12-25 10:16:42 ----D---- C:\Windows\SysWOW64
2010-12-25 10:16:39 ----RD---- C:\Program Files (x86)
2010-12-25 09:44:11 ----RSD---- C:\Windows\assembly
2010-12-25 09:44:11 ----D---- C:\Windows\Microsoft.NET
2010-12-25 09:39:01 ----SHD---- C:\System Volume Information
2010-12-25 09:18:02 ----D---- C:\Windows\system32\drivers\Avg
2010-12-25 09:15:24 ----D---- C:\Windows\System32
2010-12-25 09:15:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-25 09:15:23 ----D---- C:\Windows\inf
2010-12-25 01:23:35 ----SHD---- C:\Windows\Installer
2010-12-25 01:19:24 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2010-12-24 21:32:12 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-24 20:47:49 ----D---- C:\Program Files\DIFX
2010-12-24 20:47:48 ----D---- C:\Windows\system32\drivers
2010-12-24 20:47:48 ----D---- C:\Windows\system32\catroot
2010-12-24 20:27:49 ----D---- C:\Windows\system32\DriverStore
2010-12-24 20:26:41 ----D---- C:\Program Files (x86)\Realtek
2010-12-24 20:23:50 ----D---- C:\Windows\Downloaded Program Files
2010-12-24 00:24:56 ----D---- C:\Windows\system32\Tasks
2010-12-24 00:07:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-24 00:07:43 ----D---- C:\Windows\system32\cs-CZ
2010-12-23 23:58:51 ----D---- C:\Windows\SYSWOW64\en-US
2010-12-23 23:58:51 ----D---- C:\Windows\system32\en-US
2010-12-23 23:58:50 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-12-23 23:38:01 ----HD---- C:\ProgramData
2010-12-23 23:37:47 ----D---- C:\Program Files\ATI Technologies
2010-12-23 23:36:53 ----D---- C:\Windows\system32\catroot2
2010-12-23 23:36:24 ----D---- C:\Users\Sweden\AppData\Roaming\Azureus
2010-12-23 20:15:19 ----D---- C:\Users\Sweden\AppData\Roaming\wargaming.net
2010-12-19 10:45:44 ----D---- C:\Windows\rescache
2010-12-18 19:44:52 ----D---- C:\Windows\winsxs
2010-12-18 19:44:02 ----D---- C:\Program Files\Windows Mail
2010-12-18 19:44:02 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-18 19:44:01 ----D---- C:\Windows\SYSWOW64\migration
2010-12-18 19:44:01 ----D---- C:\Windows\system32\migration
2010-12-18 19:44:01 ----D---- C:\Program Files\Internet Explorer
2010-12-18 19:44:01 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-18 02:09:55 ----A---- C:\Windows\system32\MRT.exe
2010-12-12 11:59:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-08 21:00:42 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-11-26 03:57:08 ----A---- C:\Windows\system32\aticfx64.dll
2010-11-26 03:40:14 ----A---- C:\Windows\system32\atidxx64.dll
2010-11-26 03:24:38 ----A---- C:\Windows\system32\coinst.dll
2010-11-26 03:16:04 ----A---- C:\Windows\system32\atiuxp64.dll
2010-11-26 03:15:52 ----A---- C:\Windows\system32\atiu9p64.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-07 834544]
R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [2010-07-08 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [2010-07-08 35536]
R1 AvgTdiA;AVG Free Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys [2010-07-08 317520]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-08 314016]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys [2009-03-27 19432]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-08 43680]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-06 2009376]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-11-11 408680]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 aqq8ns2z;aqq8ns2z; C:\Windows\system32\drivers\aqq8ns2z.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Sweden\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 203776]
R2 avg9wd;AVG Free WatchDog; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-08 308136]
R2 NMSAccessU;NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Sweden]

pokud by bylo potreba prihodim log z combofixu
este bych dodal ze zacina blbnout i zapinani pc (pri spousteni win zustana cerna obrazovka)

[motji]

Dobré ranko
Zazálohujte si důležité soubory, pro jistotu


Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[Sweden]

Zdravicko

Pri pokusu o log (nehlede na to ze cela operace trvala pomerne dlouho) kdyz combofix vytvarel zaznam logu me to vyhazuje ze program PEV.cfxxe prestal pracovat (vic jak 40minut sem combofixu nedal) bohuzel dnes odjizdim a vratim se 28. pak zkusim combofix aktualizovat na nejnovejsi verzi a zkusim to znovu... pokud ovsem nemate nejakou jinou radu jak na to...

[motji]

Zkuste ho spustit v nouzovém režimu

[Sweden]

Tak jsem zkusil (s odinstalovanym antivirem) aktualizovat ComboFix i se spustenim s nouz. rezimu stale to pise to stejne pripravuje log report ale opet se ukazuje ze soubor PEV.cfxxe prestal pracovat vypadato ze ho to spousti porad dokola vzdy kdyz "spadne"
uz nevim co s tim mam zkusit opravu systemu? nebo rovnou se rozloucit s daty a vsecko preinstalovat?

[motji]

To ne. Jak se ted chová počítač?
najděte složku Qoobox, je přímo na disku C, vložte ji do raru a přiložte zde jako přílohu

[Sweden]

Zatim se zda, ze se chova normalne.... kdyz pominu to, ze se cas od casu neco nespusti. V nekterem pripade nespusti vubec
Prihazuji ten rar.

a dekuji za vas cas

[motji]

V qooboxu nic není.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Sweden]

tak nevim.... nic to nenaslo


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5408

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.12.2010 20:01:07
mbam-log-2010-12-28 (20-01-07).txt

Typ kontroly: Rychlý test
Testované objekty: 152469
Uplynulý čas: 2 minut, 16 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Sweden]

mimochodem pred chvilkou me zamrzla obrazovka asi po 15 vterinach zas nabehla s tim ze win zahlasil ze AMD driver prestal pracovat ze ho zresetoval....

[motji]

Bud tam máte nějakou skrytou potvoru, nebo poškozený systém

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde


Návod od kolegy Stella

Stiahnite si prosím TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom
adresári

[Sweden]

tak se mi sken zaseklo na souboru v system32 soubor: zipfldr.dll kde mi to napsalo ze to nemuze vytvorit nejaky .bat soubor a nechce se to dal pohnout...

[motji]

zkuste to v nouzovém režimu

[Sweden]

zkuste to v nouzovém režimu

genialni napad ze sem to nezkusil.... ono to pomohlo )) prikladam ty dve potvory v raru