VIRY.CZ

Dobrý den,
chtěl jsem poprosit o pomoc. Z ničeho nic se mi samy spouští zvuky. Jednou to byl zvuk z traileru na Harryho Pottera, jindy zase to hlásalo Merry Christmass a přitom jsem něměl nic spuštěnýho.. A od jisté doby mi Visty hlásí skoro pořád, že přestal pracovat Host process for Windows service.

Log z programu RSIT:

http://www.uloz.to/7303245/log-txt
http://www.uloz.to/7303246/info-txt

Hezké dopoledne
Vložte prosím log ze Rsitu zde do topicu, je to přehlednější, rozdělte ho klidně do více příspěvků

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu a spusťte
-vytvoří se log s názvem mbr.log, vložte ho zde

Logfile of random's system information tool 1.08 (written by random/random)
Run by JOHN at 2011-01-08 11:04:01
Microsoft® Windows Vista™ Ultimate
System drive C: has 4 GB (5%) free of 76 GB
Total RAM: 2038 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:11, on 8.1.2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\JOHN\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wermgr.exe
C:\Users\JOHN\Desktop\RSIT.exe
C:\Program Files\trend micro\JOHN.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Java(TM) ME Platform SDK 3.0] "C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JOHN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 5842 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1342127784-603675896-261861570-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1342127784-603675896-261861570-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-21 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-04-21 142104]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-04-21 162584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-04-21 138008]
"Java(TM) ME Platform SDK 3.0"=C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe [2009-04-09 102400]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe []
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-06-26 1311312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2010-11-11 64112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Google Update"=C:\Users\JOHN\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-05-16 1006264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-04-17 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-01-08 11:04:02 ----D---- C:\Program Files\trend micro
2011-01-08 11:04:01 ----D---- C:\rsit
2010-12-25 15:41:26 ----D---- C:\Program Files\TeamViewer
2010-12-23 11:21:22 ----D---- C:\Program Files\Common Files\Skype
2010-12-21 14:22:01 ----D---- C:\Users\JOHN\AppData\Roaming\VMware
2010-12-21 14:03:11 ----A---- C:\Windows\system32\vmnetdhcp.exe
2010-12-21 14:03:03 ----A---- C:\Windows\system32\vmnat.exe
2010-12-21 14:02:59 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys
2010-12-21 14:02:26 ----A---- C:\Windows\system32\vnetlib.dll
2010-12-21 14:01:32 ----A---- C:\Windows\system32\drivers\VMkbd.sys
2010-12-21 13:59:50 ----D---- C:\Program Files\Common Files\VMware
2010-12-21 13:59:22 ----D---- C:\ProgramData\VMware
2010-12-21 13:59:22 ----D---- C:\Program Files\VMware
2010-12-16 23:21:06 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-12-16 23:21:06 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-12-16 23:21:05 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-12-16 23:21:05 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-12-16 23:21:04 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-12-16 23:21:03 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-12-16 23:21:03 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-12-16 23:21:02 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-12-16 23:21:02 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-12-16 23:21:02 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-12-16 23:21:01 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-12-16 23:21:01 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-12-16 23:21:01 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-12-16 23:21:00 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-12-16 23:21:00 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-12-16 23:20:57 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-12-16 23:20:57 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-12-16 23:20:57 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-12-16 23:20:56 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-12-16 23:20:54 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-12-16 23:20:54 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-12-16 23:20:52 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-12-16 23:20:51 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-12-16 23:20:51 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-12-16 23:20:50 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-12-16 23:20:50 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-12-16 23:20:47 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-12-16 23:20:47 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-12-16 23:20:44 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-12-16 23:20:42 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-12-16 23:20:42 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-12-16 23:20:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-12-16 23:20:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-12-16 23:20:40 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-12-16 23:20:40 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-12-16 23:20:39 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-12-16 23:20:38 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-12-16 23:20:38 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-12-16 23:20:36 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-12-16 23:20:35 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-12-16 23:20:35 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-12-16 23:20:35 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-12-16 23:20:34 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-12-16 23:20:34 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-12-16 23:20:34 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-12-16 23:20:32 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-12-16 23:20:30 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-12-16 23:20:29 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-12-16 23:20:28 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-12-16 23:20:27 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-12-16 23:20:27 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-12-16 23:20:25 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-12-16 23:20:25 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-12-16 23:20:24 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-12-16 23:20:24 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-12-16 23:20:22 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-12-16 23:20:22 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-12-16 23:20:21 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-12-16 23:20:21 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-12-16 23:20:19 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-12-16 23:20:19 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-12-16 23:20:19 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-12-16 23:20:18 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-12-16 23:20:18 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-12-16 23:20:15 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-12-16 23:20:14 ----A---- C:\Windows\system32\xinput1_3.dll
2010-12-16 23:20:13 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-12-16 23:20:13 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-12-16 23:20:13 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-12-16 23:20:11 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-12-16 23:20:10 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-12-16 23:20:10 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-12-16 23:18:46 ----HD---- C:\Windows\msdownld.tmp
2010-12-13 19:20:15 ----D---- C:\ProgramData\FarmFrenzy2
2010-12-13 19:19:25 ----D---- C:\Program Files\Hry.cz
2010-12-12 23:15:43 ----D---- C:\ProgramData\AlawarWrapper

======List of files/folders modified in the last 1 months======

2011-01-08 11:04:11 ----D---- C:\Windows\Prefetch
2011-01-08 11:04:04 ----D---- C:\Windows\Temp
2011-01-08 11:04:02 ----RD---- C:\Program Files
2011-01-08 10:23:49 ----D---- C:\Windows\System32
2011-01-08 10:23:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-08 10:23:48 ----D---- C:\Windows\inf
2011-01-08 10:16:38 ----D---- C:\Windows\tracing
2011-01-06 14:03:07 ----SHD---- C:\System Volume Information
2011-01-05 16:21:56 ----D---- C:\Users\JOHN\AppData\Roaming\Skype
2011-01-05 16:01:40 ----D---- C:\Users\JOHN\AppData\Roaming\skypePM
2010-12-31 20:57:07 ----A---- C:\Windows\WINCMD.INI
2010-12-29 19:59:46 ----D---- C:\Windows\system32\drivers
2010-12-28 15:42:53 ----A---- C:\Windows\WDICT32.INI
2010-12-28 15:18:52 ----AD---- C:\Windows
2010-12-26 08:59:12 ----D---- C:\Windows\system32\catroot2
2010-12-25 19:51:06 ----D---- C:\Windows\Debug
2010-12-25 15:49:44 ----D---- C:\Box
2010-12-25 15:46:24 ----D---- C:\Instalace
2010-12-25 15:42:09 ----D---- C:\Users\JOHN\AppData\Roaming\TeamViewer
2010-12-23 12:15:59 ----A---- C:\Windows\wcx_ftp.ini
2010-12-23 11:21:34 ----SHD---- C:\Windows\Installer
2010-12-23 11:21:33 ----HD---- C:\Config.Msi
2010-12-23 11:21:31 ----D---- C:\Windows\system32\Tasks
2010-12-23 11:21:22 ----RD---- C:\Program Files\Skype
2010-12-23 11:21:22 ----D---- C:\Program Files\Common Files
2010-12-23 11:21:12 ----D---- C:\ProgramData\Skype
2010-12-21 14:03:48 ----D---- C:\Windows\system32\catroot
2010-12-21 13:59:22 ----HD---- C:\ProgramData
2010-12-17 14:45:19 ----D---- C:\Program Files\Opera
2010-12-17 14:42:29 ----D---- C:\HRY
2010-12-16 23:21:10 ----D---- C:\Windows\system32\directx
2010-12-16 23:18:50 ----D---- C:\Windows\Logs
2010-12-12 12:08:27 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2006-11-02 121960]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-05-17 682232]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2009-09-09 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2009-09-09 41424]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-11-11 32368]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2010-11-11 70768]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 26352]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2010-11-11 854128]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 ialm;ialm; C:\Windows\system32\DRIVERS\igxpmp32.sys [2007-04-17 5760096]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-03-18 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-03-18 37328]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-05-16 82432]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-25 290304]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-09-09 91856]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2009-09-09 100368]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-11-11 24688]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 16560]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 ahcpoutw;ahcpoutw; C:\Windows\system32\drivers\ahcpoutw.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-07-31 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-07-31 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-31 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-01-08 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-01-08 80688]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-08 16560]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow; C:\Windows\system32\DRIVERS\hidusbf.sys [2006-11-08 4544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-16 47360]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2009-09-09 32016]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2010-11-11 31280]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-01-19 441136]
R2 G6FTPServer;Gene6 FTP Server; C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE [2007-10-22 470016]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2010-11-11 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2010-11-11 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2010-11-11 404080]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-09-10 68096]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]

-----------------EOF-----------------

Ještě ten log z Mbr. Vy jste používal AvG? Ted už ho nemáte? Ptám se proto, že Avg se nesnese s combofixem

AVG mám antispaware a momentálně mi skenuje pc, našel adware.lop a rackingcookie.skype, ale nevim jestli ho to nechat odstranit, protože si nejsem jistej, jestli by odstranil vše, jestli není lepší to udělat nějak ručně. Jinak nevim, co MBR je ?

motji píše:Hezké dopoledne


stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu a spusťte
-vytvoří se log s názvem mbr.log, vložte ho zde

Neodstranujte, pak to odstraníme jinak.

Já tu budu večer, mrkneme na to. Mám tuení, že pujde o Mbr rootkita, uvidíme

No jo, já jsem slepej, vůbec jsem si nevšiml, že jsi tam něco takovýho psala Mno každopádně nevim, jestli tenhle log něco řekne ...

MBR:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000

CreateFile("\\.\PHYSICALDRIVE0"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!

Celkem řekne, něco není v pořádku .

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na žížala.com