Please check my log, thank you.

Posted: 11 Jun 2010 14:36
by Matthew147
Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel at 2010-06-11 15:36:13
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 377 GB (53%) free of 715 GB
Total RAM: 4094 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:14, on 11.6.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\uživatel\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\uživatel\Desktop\Matthew\Programy\RSIT.exe
C:\Program Files (x86)\trend micro\uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8437 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1722542059-2570707047-3803899398-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1722542059-2570707047-3803899398-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-09-02 1218560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2009-09-02 1218560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"GAINWARD"=C:\Program Files (x86)\EXPERTool\TBPanel.exe [2009-02-03 2181672]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"SpywareTerminatorUpdate"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-09-13 3055616]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-10-02 306088]
"Google Update"=C:\Users\uživatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 135664]
"Sony Ericsson PC Suite"=C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]

C:\Users\uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44b9354e-25fa-11df-861f-0023541d138f}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45997290-9d3c-11de-b26a-0023541d138f}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b9c1cc2-66e9-11de-b400-806e6f6e6963}]
shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8c18548-3822-11df-985b-0023541d138f}]
shell\AutoRun\command - J:\Startme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9a561b2-ca0d-11de-b1f0-0023541d138f}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-10 21:53:59 ----D---- C:\Program Files (x86)\World of Goo
2010-06-10 20:01:21 ----D---- C:\ProgramData\2DBoy
2010-06-10 20:01:04 ----D---- C:\Program Files (x86)\WorldOfGooDemo
2010-06-09 07:01:52 ----A---- C:\Windows\system32\atmlib.dll
2010-06-09 07:01:52 ----A---- C:\Windows\system32\atmfd.dll
2010-06-09 07:01:49 ----A---- C:\Windows\system32\mshtml.dll
2010-06-09 07:01:48 ----A---- C:\Windows\system32\ieframe.dll
2010-06-09 07:01:47 ----A---- C:\Windows\system32\wininet.dll
2010-06-09 07:01:47 ----A---- C:\Windows\system32\urlmon.dll
2010-06-09 07:01:47 ----A---- C:\Windows\system32\iertutil.dll
2010-06-09 07:01:46 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-09 07:01:45 ----A---- C:\Windows\system32\occache.dll
2010-06-09 07:01:45 ----A---- C:\Windows\system32\mstime.dll
2010-06-09 07:01:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-09 07:01:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-09 07:01:44 ----A---- C:\Windows\system32\ieui.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iesetup.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iernonce.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\iepeers.dll
2010-06-09 07:01:44 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-09 07:01:29 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-06 14:14:46 ----D---- C:\Program Files (x86)\Czech Soccer Manager 2002 FE
2010-05-26 14:13:24 ----A---- C:\Windows\system32\tzres.dll
2010-05-22 20:43:44 ----D---- C:\ProgramData\KONAMI
2010-05-22 20:43:44 ----D---- C:\Program Files (x86)\KONAMI
2010-05-12 06:09:39 ----A---- C:\Windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 months======

2010-06-11 15:36:13 ----D---- C:\Windows\Temp
2010-06-11 15:36:13 ----D---- C:\Program Files (x86)\trend micro
2010-06-11 13:24:01 ----D---- C:\Windows\System32
2010-06-11 13:24:01 ----D---- C:\Windows\inf
2010-06-11 13:20:59 ----D---- C:\ProgramData\Spyware Terminator
2010-06-10 21:59:16 ----D---- C:\Users\uživatel\AppData\Roaming\Skype
2010-06-10 21:53:59 ----RD---- C:\Program Files (x86)
2010-06-10 20:49:53 ----D---- C:\Windows\Prefetch
2010-06-10 20:01:21 ----HD---- C:\ProgramData
2010-06-10 17:16:52 ----D---- C:\Users\uživatel\AppData\Roaming\skypePM
2010-06-09 20:36:36 ----D---- C:\Program Files (x86)\World of Wacraft
2010-06-09 15:14:12 ----D---- C:\Windows\Debug
2010-06-09 15:14:12 ----D---- C:\Windows
2010-06-09 14:42:27 ----D---- C:\Windows\winsxs
2010-06-09 14:30:59 ----D---- C:\Windows\SysWOW64
2010-06-09 14:30:59 ----D---- C:\Windows\system32\migration
2010-06-09 14:30:59 ----D---- C:\Program Files (x86)\Internet Explorer
2010-06-09 14:30:57 ----D---- C:\Program Files (x86)\Windows Mail
2010-06-09 07:27:22 ----D---- C:\Windows\Microsoft.NET
2010-06-09 07:27:11 ----RSD---- C:\Windows\assembly
2010-06-09 07:25:01 ----D---- C:\Windows\system32\wbem
2010-06-09 07:24:09 ----SHD---- C:\System Volume Information
2010-06-07 14:47:43 ----D---- C:\ProgramData\Ubisoft
2010-06-07 07:08:51 ----SHD---- C:\Windows\Installer
2010-06-07 06:55:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-06-07 06:55:00 ----D---- C:\Program Files (x86)\Ubisoft
2010-05-30 02:32:24 ----D---- C:\Program Files (x86)\Warcraft III
2010-05-29 23:54:50 ----D---- C:\Program Files (x86)\Garena
2010-05-27 14:36:37 ----D---- C:\Windows\rescache
2010-05-26 21:53:52 ----D---- C:\Windows\system32\cs-CZ
2010-05-16 13:04:39 ----D---- C:\Program Files (x86)\Electronic Arts
2010-05-12 19:57:27 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 Cardex;Cardex; \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [2007-03-16 15648]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys []
S3 ab792g9h;ab792g9h; C:\Windows\system32\drivers\ab792g9h.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\Windows\system32\DRIVERS\s1039bus.sys []
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1039mdfl.sys []
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1039mdm.sys []
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1039mgmt.sys []
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1039nd5.sys []
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1039obex.sys []
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1039unic.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-10-15 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2009-09-13 487424]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-17 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-11-04 320760]

-----------------EOF-----------------
Thank you for checking.

Re: Please check my log, thank you.

Posted: 11 Jun 2010 17:33
by Caroprd111
Hello :)


Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then click Deletion.
  • When it finishes, a log will pop up; paste it here. You can also find it in C:\UsbFix.txt

Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop
  • Run it, then paste the following script into the bottom box.

Code:

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Check the option for all users.
  • Check the options for the "LOP" malware check and the "Purity" malware check.
  • Click the Scan button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 00:45
by Matthew147
Good evening, Avast reported USBfix as a virus; after downloading it, I couldn't open it.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 07:13
by vyosek
Hello, I'll step in for my colleague...

Turn off Avast and download USBFix - this is a false alarm from Avast.
Alternatively, download it from here http://leteckaposta.cz/uploaded/296134865, unpack it, and the procedure is the same...

Re: Please check my log, thank you.

Posted: 12 Jun 2010 09:37
by Matthew147
############################## | UsbFix 7.006 | [Deletion]

User: uživatel (Administrator) # UŽIVATEL-PC [System manufacturer P5Q SE]
Updated 07/06/10 by El Desaparecido / C_XX
Started at 10:33:04 | 12/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 64-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18928

Windows Firewall: Enabled

RAM -> 4094 Mb
C:\ (%systemdrive%) -> Fixed drive # 699 Gb (339 Mb free - 49%) [] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM

################## | Files # Infected Folders |

Not deleted ! D:\Autorun.inf
Deleted ! C:\$Recycle.Bin\S-1-5-21-1722542059-2570707047-3803899398-1000

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{44b9354e-25fa-11df-861f-0023541d138f}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{4b9c1cc2-66e9-11de-b400-806e6f6e6963}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{e8c18548-3822-11df-985b-0023541d138f}

################## | Listing |

[12/06/2010 - 10:35:09 | SHD ] C:\$Recycle.Bin
[23/03/2009 - 17:40:20 | D ] C:\3DMARK06
[09/08/2009 - 10:49:38 | D ] C:\8acdf013700268171aa9e1
[17/11/2009 - 17:01:02 | D ] C:\Adobe Photoshop
[01/11/2009 - 20:45:14 | A | 485075257] C:\Adobe Photoshop.rar
[03/07/2009 - 18:15:33 | D ] C:\ATI
[02/07/2009 - 15:27:53 | SHD ] C:\Boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[23/03/2009 - 16:58:21 | RAS | 8192] C:\BOOTSECT.BAK
[02/11/2006 - 17:42:17 | SHD ] C:\Documents and Settings
[15/01/2010 - 18:07:09 | D ] C:\Dovolenka3komplet
[07/11/2009 - 15:08:48 | D ] C:\Fraps
[27/02/2010 - 01:27:47 | D ] C:\games
[23/03/2009 - 17:13:19 | D ] C:\Intel
[15/09/2009 - 19:06:09 | A | 2686] C:\LGSInst.Log
[01/12/2006 - 23:37:14 | A | 904704] C:\msdia80.dll
[02/07/2009 - 16:20:57 | D ] C:\NVIDIA
[12/06/2010 - 10:11:49 | ASH | 4607569920] C:\pagefile.sys
[21/01/2008 - 05:04:13 | D ] C:\PerfLogs
[25/04/2010 - 15:14:30 | RD ] C:\Program Files
[10/06/2010 - 21:53:59 | RD ] C:\Program Files (x86)
[10/06/2010 - 20:01:21 | HD ] C:\ProgramData
[06/04/2010 - 14:52:19 | D ] C:\rsit
[12/06/2010 - 01:48:42 | SHD ] C:\System Volume Information
[09/09/2009 - 14:57:08 | D ] C:\totalcmd
[12/06/2010 - 10:35:09 | D ] C:\UsbFix
[12/06/2010 - 10:35:09 | A | 2473] C:\UsbFix.txt
[23/03/2009 - 17:07:49 | RD ] C:\Users
[30/10/2009 - 13:42:51 | D ] C:\VDM
[09/06/2010 - 15:14:12 | D ] C:\Windows
[15/11/2008 - 11:45:09 | RAD ] D:\GTAIV
[15/11/2008 - 11:45:19 | RAD ] D:\RGSC
[15/11/2008 - 11:52:50 | RA | 161088] D:\Autorun.exe
[11/10/2008 - 19:03:48 | RA | 54] D:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_UŽIVATEL-PC.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

I'll provide the OTL log later, because when I ran the scan overnight and came back in the morning, it just said Program Not Responding.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 10:38
by Matthew147
So OTL still isn't working for me... it freezes during the scan and nothing happens.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 10:47
by Caroprd111
Hello :)

Try running OTL in safe mode.
The scan sometimes takes a long time. The program sometimes looks as if it is frozen, but it keeps working.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 11:06
by Matthew147
Do I turn on safe mode when restarting the computer? And do I switch back to normal mode the same way? Sorry for my stupidity.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 11:51
by Caroprd111
After the restart, keep pressing F8 and select "Safe Mode with Networking". Afterwards, restart the PC and it will start in normal mode.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 13:03
by Matthew147
Good afternoon, I tried to do it in safe mode, but it froze again at zipfr.dll... I came back after an hour and it still said OTL is not responding.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 13:17
by Caroprd111
Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Install it following the guide at the link, then run a full scan.
  • Do not delete anything :!: MBAM occasionally has false detections and could delete, e.g., system files.
  • Paste the log here.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 13:19
by Matthew147
The exact name of the file it freezes on is zipfldr.dll in Windows/system32.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 13:19
by Caroprd111
Ok :)
Caroprd111 wrote: Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Install it following the guide at the link, then run a full scan.
  • Do not delete anything :!: MBAM occasionally has false detections and could delete, e.g., system files.
  • Paste the log here.

Re: Please check my log, thank you.

Posted: 12 Jun 2010 13:41
by Matthew147
I had already started it before and it's still running... :-) so I wanted to let you know beforehand... :-)

Re: Please check my log, thank you.

Posted: 12 Jun 2010 13:44
by Caroprd111
I'll wait for the MBAM log.