PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Just to be sure

#1 Post by Ondra16

Lately (over the past 14 days) my computer occasionally throws some error message or a certain program fails to start, so I just want to make sure there is no malware behind it. Thanks in advance.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sobolovi at 2010-03-21 15:47:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 290 GB (41%) free of 715 GB
Total RAM: 2558 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:48, on 21.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Ondra\Staženo\RSIT.exe
C:\Program Files\trend micro\Sobolovi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.volny.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5601 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-30 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-09 6281760]
"Skytel"=C:\Windows\Skytel.exe [2008-09-09 1833504]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-01-23 101136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-30 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd4cf855-1028-11df-88d7-001fd0ae0401}]
shell\AutoRun\command - "L:\WD SmartWare.exe" autoplay=true


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-21 15:47:33 ----D---- C:\rsit
2010-03-21 15:47:33 ----D---- C:\Program Files\trend micro
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTWMVFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTVideoFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTRMFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTMPEGFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTImageFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTAVIFile.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoView.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoTransform.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoCompress.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\lame_enc.dll
2010-03-20 09:12:37 ----D---- C:\Windows\system32\RMBin
2010-03-20 09:12:36 ----D---- C:\Program Files\Free Ultra Video Editor
2010-03-20 03:00:29 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-12 10:23:44 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-12 10:23:43 ----A---- C:\Windows\system32\httpapi.dll
2010-03-04 11:30:17 ----D---- C:\ProgramData\McAfee
2010-03-02 14:26:22 ----D---- C:\Program Files\Any Audio Converter
2010-03-01 20:05:07 ----D---- C:\Program Files\Lame for Audacity
2010-03-01 20:01:54 ----D---- C:\Users\Sobolovi\AppData\Roaming\Audacity
2010-03-01 20:01:45 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-02-27 19:55:44 ----D---- C:\Program Files\MKVtoolnix
2010-02-27 18:37:38 ----A---- C:\Windows\system32\devil.dll
2010-02-27 18:37:38 ----A---- C:\Windows\system32\avisynth.dll
2010-02-27 18:37:37 ----D---- C:\Program Files\AviSynth 2.5
2010-02-27 18:37:37 ----A---- C:\Windows\system32\i420vfw.dll
2010-02-27 18:37:37 ----A---- C:\Windows\system32\AVSredirect.dll
2010-02-27 18:37:29 ----RSH---- C:\Windows\system32\nbDX.dll
2010-02-27 18:37:29 ----RSH---- C:\Windows\system32\msfDX.dll
2010-02-27 18:37:29 ----RSH---- C:\Windows\system32\flvDX.dll
2010-02-27 18:37:25 ----D---- C:\Program Files\SUPER
2010-02-27 10:05:15 ----D---- C:\Users\Sobolovi\AppData\Roaming\AnvSoft
2010-02-27 10:05:13 ----D---- C:\Program Files\AnvSoft
2010-02-27 09:51:18 ----D---- C:\Users\Sobolovi\AppData\Roaming\avidemux
2010-02-26 05:35:00 ----A---- C:\Windows\system32\winhttp.dll
2010-02-25 16:29:53 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-25 16:29:53 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-25 16:29:50 ----A---- C:\Windows\system32\schannel.dll
2010-02-25 16:29:50 ----A---- C:\Windows\system32\kerberos.dll
2010-02-25 03:01:04 ----D---- C:\Program Files\MSXML 4.0
2010-02-24 19:17:07 ----D---- C:\Users\Sobolovi\AppData\Roaming\Locktime
2010-02-24 18:07:49 ----D---- C:\ProgramData\Locktime
2010-02-24 18:07:34 ----D---- C:\Program Files\NetLimiter 2 Monitor
2010-02-24 17:45:32 ----D---- C:\Users\Sobolovi\AppData\Roaming\Broad Intelligence
2010-02-24 17:23:55 ----D---- C:\Users\Sobolovi\AppData\Roaming\AVS4YOU
2010-02-24 17:03:36 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 17:01:24 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 17:01:24 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 17:01:23 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 17:01:22 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 17:01:22 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 17:01:22 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 17:01:22 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 17:01:22 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 17:01:21 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 17:01:03 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 17:01:02 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 17:01:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 16:34:24 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 16:55:17 ----D---- C:\Users\Sobolovi\AppData\Roaming\DivX
2010-02-23 16:53:24 ----A---- C:\Windows\unvise32.exe
2010-02-23 16:53:22 ----D---- C:\Program Files\LooksBuilderSE
2010-02-23 16:43:14 ----D---- C:\Program Files\Common Files\Pinnacle
2010-02-23 16:42:07 ----D---- C:\ProgramData\Pinnacle Studio Ultimate Collection
2010-02-23 16:36:54 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2010-02-23 16:36:53 ----D---- C:\ProgramData\Studio 14
2010-02-23 16:36:53 ----D---- C:\ProgramData\Pinnacle Studio Plus
2010-02-23 16:36:53 ----D---- C:\Program Files\Common Files\Yahoo!
2010-02-23 16:32:43 ----D---- C:\ProgramData\Pinnacle
2010-02-23 16:32:43 ----D---- C:\Program Files\Pinnacle

======List of files/folders modified in the last 1 months======

2010-03-21 15:47:46 ----D---- C:\Windows\Prefetch
2010-03-21 15:47:38 ----D---- C:\Windows\Temp
2010-03-21 15:47:33 ----RD---- C:\Program Files
2010-03-21 15:44:44 ----D---- C:\Users\Sobolovi\AppData\Roaming\uTorrent
2010-03-21 12:44:46 ----D---- C:\Windows\System32
2010-03-21 12:44:45 ----D---- C:\Windows\inf
2010-03-21 12:44:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-21 09:17:01 ----SHD---- C:\System Volume Information
2010-03-21 08:28:23 ----D---- C:\ProgramData\CanonIJPLM
2010-03-20 18:35:39 ----D---- C:\Hry
2010-03-20 18:16:20 ----D---- C:\Windows\system32\catroot2
2010-03-20 12:04:43 ----D---- C:\Windows
2010-03-20 08:06:01 ----D---- C:\Users\Sobolovi\AppData\Roaming\Skype
2010-03-20 08:01:03 ----D---- C:\Users\Sobolovi\AppData\Roaming\skypePM
2010-03-20 03:00:43 ----D---- C:\Windows\winsxs
2010-03-20 03:00:41 ----D---- C:\Windows\system32\catroot
2010-03-19 17:13:08 ----D---- C:\Windows\Debug
2010-03-19 17:11:16 ----D---- C:\Program Files\CCleaner
2010-03-19 17:10:31 ----D---- C:\Program Files\Revo Uninstaller
2010-03-19 16:54:00 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-03-18 14:34:11 ----SHD---- C:\Windows\Installer
2010-03-16 15:20:01 ----D---- C:\Radana
2010-03-16 07:29:28 ----D---- C:\Program Files\uTorrent
2010-03-13 17:27:32 ----SD---- C:\Users\Sobolovi\AppData\Roaming\Microsoft
2010-03-12 22:10:33 ----D---- C:\Windows\system32\drivers
2010-03-12 22:10:33 ----D---- C:\Program Files\Windows Mail
2010-03-11 03:00:41 ----D---- C:\Program Files\Movie Maker
2010-03-07 21:27:25 ----D---- C:\Petr
2010-03-07 17:40:36 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 14:55:30 ----HD---- C:\ProgramData
2010-03-03 13:27:10 ----A---- C:\Windows\system32\pbsvc_heroes.exe
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-27 20:39:51 ----D---- C:\Ondra
2010-02-27 18:37:36 ----RSD---- C:\Windows\Fonts
2010-02-27 09:18:43 ----D---- C:\Windows\rescache
2010-02-27 08:52:30 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 19:11:43 ----D---- C:\Windows\system32\NDF
2010-02-25 03:17:37 ----D---- C:\Windows\AppPatch
2010-02-24 19:46:21 ----D---- C:\Program Files\Common Files\AVSMedia
2010-02-24 19:46:18 ----D---- C:\Program Files\AVS4YOU
2010-02-24 18:06:28 ----D---- C:\Program Files\Avast4
2010-02-24 17:21:09 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-24 06:31:46 ----D---- C:\Windows.old
2010-02-23 16:43:14 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-03-21 16608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-09 2167128]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-08-25 15872]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 akhxfmd8;akhxfmd8; C:\Windows\system32\drivers\akhxfmd8.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-23 491520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-29 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: Just to be sure

#2 Post by Caroprd111

Hello :)

The log is being worked on, please be patient.

Re: Just to be sure

#3 Post by Caroprd111

I recommend uninstalling:
C:\Program Files\uTorrent\uTorrent.exe

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk needlessly.

Test this at http://www.virustotal.com/cs/
C:\Windows\unvise32.exe

(Do not browse for the file; just paste the path marked in bold. If you get the message "File has already been tested", have it tested again. Post the result of the analysis here as a link.)

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; immediately after it starts, a page with the license terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not start other applications and do not click in the window that is displayed!
  • The scan should take around 5 - 10 minutes; when it finishes, ComboFix displays the log C:\ComboFix.txt, which you should post here.
  • The computer may be restarted during the scan.

Re: Virus Total

#4 Post by Ondra16

Thank you for the help, here is the link to VirusTotal:

http://www.virustotal.com/cs/analisis/5 ... 1268310215

Here is the log from ComboFix:

ComboFix 10-03-21.04 - Sobolovi 22.03.2010 15:34:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2558.1311 [GMT 1:00]
Spuštěný z: c:\users\Sobolovi\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AVSredirect.dll
c:\windows\system32\Connect.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-22 do 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 14:41 . 2010-03-22 14:41 -------- d-----w- c:\users\Sobolovi\AppData\Local\temp
2010-03-22 14:41 . 2010-03-22 14:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-21 14:47 . 2010-03-21 14:47 -------- d-----w- c:\program files\trend micro
2010-03-20 02:00 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-12 09:23 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 09:23 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 09:23 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-04 10:30 . 2010-03-04 10:30 -------- d-----w- c:\programdata\McAfee
2010-03-02 13:26 . 2010-03-02 13:26 -------- d-----w- c:\program files\Any Audio Converter
2010-03-01 19:05 . 2010-03-01 19:05 -------- d-----w- c:\program files\Lame for Audacity
2010-03-01 19:01 . 2010-03-11 20:34 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\Audacity
2010-03-01 19:01 . 2010-03-01 19:01 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-03-01 10:56 . 2010-02-26 12:00 724992 ----a-w- c:\users\Sobolovi\AppData\Roaming\Mozilla\Firefox\Profiles\m80pbj08.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-03-01 10:56 . 2010-02-26 12:00 1291640 ----a-w- c:\users\Sobolovi\AppData\Roaming\Mozilla\Firefox\Profiles\m80pbj08.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-02-27 18:55 . 2010-02-27 19:28 -------- d-----w- c:\program files\MKVtoolnix
2010-02-27 17:37 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-02-27 17:37 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-27 17:37 . 2010-02-27 17:37 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-27 17:37 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-02-27 17:37 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-02-27 17:37 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-02-27 17:37 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-02-27 17:37 . 2010-03-11 20:19 -------- d-----w- c:\program files\SUPER
2010-02-27 09:05 . 2010-02-27 09:05 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\AnvSoft
2010-02-27 09:05 . 2010-02-27 09:05 -------- d-----w- c:\program files\AnvSoft
2010-02-27 08:51 . 2010-02-27 08:54 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\avidemux
2010-02-26 04:35 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-25 15:29 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-25 15:29 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-25 15:29 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-25 15:29 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-25 02:01 . 2010-02-25 02:01 -------- d-----w- c:\program files\MSXML 4.0
2010-02-24 18:17 . 2010-02-24 18:17 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\Locktime
2010-02-24 17:07 . 2010-02-24 17:07 -------- d-----w- c:\programdata\Locktime
2010-02-24 17:07 . 2010-02-24 17:07 -------- d-----w- c:\program files\NetLimiter 2 Monitor
2010-02-24 16:47 . 2010-02-24 16:47 -------- d-----w- c:\users\Sobolovi\AppData\Local\Broad Intelligence
2010-02-24 16:45 . 2010-02-24 18:11 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\Broad Intelligence
2010-02-24 16:23 . 2010-02-24 16:23 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\AVS4YOU
2010-02-24 16:03 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 16:01 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 16:01 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 16:01 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 16:01 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 16:01 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 16:01 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 16:01 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 16:01 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 16:01 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 16:01 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 16:01 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 16:01 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 15:55 . 2010-02-23 15:55 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\DivX
2010-02-23 15:53 . 2004-03-29 16:23 90112 ----a-w- c:\windows\unvise32.exe
2010-02-23 15:53 . 2010-02-23 15:53 -------- d-----w- c:\program files\LooksBuilderSE
2010-02-23 15:43 . 2010-02-23 15:43 29926 ----a-r- c:\users\Sobolovi\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2010-02-23 15:43 . 2010-02-23 15:43 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-02-23 15:42 . 2010-02-23 15:42 -------- d-----w- c:\users\Sobolovi\AppData\Local\Downloaded Installations
2010-02-23 15:42 . 2010-02-23 15:42 -------- d-----w- c:\users\Sobolovi\AppData\Local\Pinnacle
2010-02-23 15:42 . 2010-02-23 15:42 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2010-02-23 15:36 . 2010-02-23 15:36 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2010-02-23 15:36 . 2010-02-23 15:36 -------- d-----w- c:\programdata\Studio 14
2010-02-23 15:36 . 2010-02-23 15:36 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2010-02-23 15:36 . 2010-02-23 15:36 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-02-23 15:32 . 2010-02-23 15:52 -------- d-----w- c:\program files\Pinnacle
2010-02-23 15:32 . 2010-02-23 15:41 -------- d-----w- c:\programdata\Pinnacle

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 14:38 . 2008-01-21 06:46 598594 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 14:38 . 2008-01-21 06:46 114786 ----a-w- c:\windows\system32\perfc005.dat
2010-03-22 14:31 . 2009-11-29 13:36 16608 ----a-w- c:\windows\gdrv.sys
2010-03-22 14:31 . 2009-11-29 16:49 35180 ----a-w- c:\programdata\nvModes.dat
2010-03-21 19:50 . 2009-11-29 14:38 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\uTorrent
2010-03-21 07:28 . 2009-11-30 15:52 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-20 08:12 . 2010-03-20 08:12 -------- d-----w- c:\program files\Free Ultra Video Editor
2010-03-20 07:06 . 2009-11-29 16:30 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\Skype
2010-03-20 07:01 . 2009-11-29 16:32 -------- d-----w- c:\users\Sobolovi\AppData\Roaming\skypePM
2010-03-19 16:11 . 2009-11-29 15:00 -------- d-----w- c:\program files\CCleaner
2010-03-19 16:10 . 2009-11-29 15:01 -------- d-----w- c:\program files\Revo Uninstaller
2010-03-19 15:54 . 2009-11-29 17:44 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-19 15:54 . 2009-11-29 17:44 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-16 06:29 . 2009-11-30 20:10 -------- d-----w- c:\program files\uTorrent
2010-03-12 21:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-03 12:27 . 2009-11-29 17:44 138056 ----a-w- c:\users\Sobolovi\AppData\Roaming\PnkBstrK.sys
2010-03-03 12:27 . 2009-11-29 17:44 138056 ----a-w- c:\users\Sobolovi\AppData\Roaming\PnkBstrK.sys
2010-03-03 12:27 . 2009-11-29 17:44 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-02-25 02:20 . 2009-11-28 19:36 87160 ----a-w- c:\users\Sobolovi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 18:46 . 2010-01-07 16:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-24 18:46 . 2010-01-07 16:24 -------- d-----w- c:\program files\AVS4YOU
2010-02-24 17:06 . 2009-11-29 14:41 -------- d-----w- c:\program files\Avast4
2010-02-24 09:16 . 2009-11-29 14:00 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-13 08:54 . 2010-02-13 08:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-11 17:31 . 2009-12-17 19:23 -------- d-----w- c:\program files\Google
2010-01-30 15:24 . 2010-01-30 15:24 -------- d-----w- c:\program files\TimeAdjuster
2010-01-24 14:30 . 2009-11-29 16:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-06 15:38 . 2010-02-24 16:01 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 16:01 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 16:01 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 16:01 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-01-22 15:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 15:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 15:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2006-05-03 10:06 . 2010-02-27 17:37 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-27 17:37 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-27 17:37 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"Skytel"="Skytel.exe" [2008-09-09 1833504]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-11-29 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-29 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,7a,72,17,86,75,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-05 691696]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
S1 aswSP;avast! Self Protection; [x]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 19:23]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 19:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.volny.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Sobolovi\AppData\Roaming\Mozilla\Firefox\Profiles\m80pbj08.default\
FF - prefs.js: browser.startup.homepage - www.csfd.cz
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Sobolovi\AppData\Roaming\Mozilla\Firefox\Profiles\m80pbj08.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Indeo® software - c:\radana\Uninst.isu
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 15:41
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-22 15:43:09
ComboFix-quarantined-files.txt 2010-03-22 14:43

Před spuštěním: Volných bajtů: 301 429 772 288
Po spuštění: Volných bajtů: 301 426 282 496

- - End Of File - - 5CCEAD7AB730BF688C624D084BE96DFB

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Just to be sure

#5 Post by Caroprd111 »

How is the PC doing? :???:

Ondra16
Visitor
Posts: 38
Registered: 20 May 2009 19:51

PC

#6 Post by Ondra16 »

Well, pretty good. The internet connection drops occasionally, but always after using Torrent for a long time, so that is probably the cause. A dialog window about the Broadband connection also keeps popping up, and I have to dismiss it about 3 times before it goes away. Was that unvise32 file OK?

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Just to be sure

#7 Post by Caroprd111 »

The file is fine. Please post a new RSIT log.

Ondra16
Visitor
Posts: 38
Registered: 20 May 2009 19:51

RSIT

#8 Post by Ondra16 »

Here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sobolovi at 2010-03-22 20:45:19
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 288 GB (40%) free of 715 GB
Total RAM: 2558 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:27, on 22.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Ondra\Staženo\RSIT.exe
C:\Program Files\trend micro\Sobolovi.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.volny.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 4983 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-30 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-09 6281760]
"Skytel"=C:\Windows\Skytel.exe [2008-09-09 1833504]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-01-23 101136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-30 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-03-22 20:45:19 ----D---- C:\rsit
2010-03-22 15:43:12 ----SHD---- C:\$RECYCLE.BIN
2010-03-22 15:31:35 ----A---- C:\Windows\zip.exe
2010-03-22 15:31:35 ----A---- C:\Windows\SWSC.exe
2010-03-22 15:31:35 ----A---- C:\Windows\SWREG.exe
2010-03-22 15:31:35 ----A---- C:\Windows\sed.exe
2010-03-22 15:31:35 ----A---- C:\Windows\PEV.exe
2010-03-22 15:31:35 ----A---- C:\Windows\NIRCMD.exe
2010-03-22 15:31:35 ----A---- C:\Windows\MBR.exe
2010-03-22 15:31:35 ----A---- C:\Windows\grep.exe
2010-03-22 15:31:26 ----D---- C:\Windows\ERDNT
2010-03-22 15:28:06 ----D---- C:\ComboFix
2010-03-22 15:28:01 ----D---- C:\Qoobox
2010-03-22 15:27:48 ----A---- C:\Windows\SWXCACLS.exe
2010-03-21 15:47:33 ----D---- C:\Program Files\trend micro
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTWMVFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTVideoFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTRMFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTMPEGFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTImageFile.dll
2010-03-20 09:12:39 ----A---- C:\Windows\system32\NCTAVIFile.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoView.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoTransform.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoCoreM.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTVideoCompress.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTAudioPlayer2.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTAudioFile2.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\NCTAudioCompress2.dll
2010-03-20 09:12:38 ----A---- C:\Windows\system32\lame_enc.dll
2010-03-20 09:12:37 ----D---- C:\Windows\system32\RMBin
2010-03-20 09:12:36 ----D---- C:\Program Files\Free Ultra Video Editor
2010-03-20 03:00:29 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-12 10:23:44 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-12 10:23:43 ----A---- C:\Windows\system32\httpapi.dll
2010-03-04 11:30:17 ----D---- C:\ProgramData\McAfee
2010-03-02 14:26:22 ----D---- C:\Program Files\Any Audio Converter
2010-03-01 20:05:07 ----D---- C:\Program Files\Lame for Audacity
2010-03-01 20:01:54 ----D---- C:\Users\Sobolovi\AppData\Roaming\Audacity
2010-03-01 20:01:45 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2010-02-27 19:55:44 ----D---- C:\Program Files\MKVtoolnix
2010-02-27 18:37:38 ----A---- C:\Windows\system32\devil.dll
2010-02-27 18:37:38 ----A---- C:\Windows\system32\avisynth.dll
2010-02-27 18:37:37 ----D---- C:\Program Files\AviSynth 2.5
2010-02-27 18:37:37 ----A---- C:\Windows\system32\i420vfw.dll
2010-02-27 18:37:29 ----RSH---- C:\Windows\system32\nbDX.dll
2010-02-27 18:37:29 ----RSH---- C:\Windows\system32\msfDX.dll
2010-02-27 18:37:29 ----RSH---- C:\Windows\system32\flvDX.dll
2010-02-27 18:37:25 ----D---- C:\Program Files\SUPER
2010-02-27 10:05:15 ----D---- C:\Users\Sobolovi\AppData\Roaming\AnvSoft
2010-02-27 10:05:13 ----D---- C:\Program Files\AnvSoft
2010-02-27 09:51:18 ----D---- C:\Users\Sobolovi\AppData\Roaming\avidemux
2010-02-26 05:35:00 ----A---- C:\Windows\system32\winhttp.dll
2010-02-25 16:29:53 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-25 16:29:53 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-25 16:29:50 ----A---- C:\Windows\system32\schannel.dll
2010-02-25 16:29:50 ----A---- C:\Windows\system32\kerberos.dll
2010-02-25 03:01:04 ----D---- C:\Program Files\MSXML 4.0
2010-02-24 19:17:07 ----D---- C:\Users\Sobolovi\AppData\Roaming\Locktime
2010-02-24 18:07:49 ----D---- C:\ProgramData\Locktime
2010-02-24 18:07:34 ----D---- C:\Program Files\NetLimiter 2 Monitor
2010-02-24 17:45:32 ----D---- C:\Users\Sobolovi\AppData\Roaming\Broad Intelligence
2010-02-24 17:23:55 ----D---- C:\Users\Sobolovi\AppData\Roaming\AVS4YOU
2010-02-24 17:03:36 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 17:01:24 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 17:01:24 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 17:01:23 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 17:01:22 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 17:01:22 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 17:01:22 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 17:01:22 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 17:01:22 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 17:01:21 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 17:01:03 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 17:01:02 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 17:01:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 16:34:24 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 16:55:17 ----D---- C:\Users\Sobolovi\AppData\Roaming\DivX
2010-02-23 16:53:24 ----A---- C:\Windows\unvise32.exe
2010-02-23 16:53:22 ----D---- C:\Program Files\LooksBuilderSE
2010-02-23 16:43:14 ----D---- C:\Program Files\Common Files\Pinnacle
2010-02-23 16:42:07 ----D---- C:\ProgramData\Pinnacle Studio Ultimate Collection
2010-02-23 16:36:54 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2010-02-23 16:36:53 ----D---- C:\ProgramData\Studio 14
2010-02-23 16:36:53 ----D---- C:\ProgramData\Pinnacle Studio Plus
2010-02-23 16:36:53 ----D---- C:\Program Files\Common Files\Yahoo!
2010-02-23 16:32:43 ----D---- C:\ProgramData\Pinnacle
2010-02-23 16:32:43 ----D---- C:\Program Files\Pinnacle

======List of files/folders modified in the last 1 months======

2010-03-22 20:45:27 ----D---- C:\Windows\Prefetch
2010-03-22 20:45:22 ----D---- C:\Windows\Temp
2010-03-22 19:02:06 ----D---- C:\Windows\System32
2010-03-22 19:02:06 ----D---- C:\Windows\inf
2010-03-22 19:02:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-22 18:54:47 ----D---- C:\Users\Sobolovi\AppData\Roaming\uTorrent
2010-03-22 18:27:22 ----D---- C:\Users\Sobolovi\AppData\Roaming\Skype
2010-03-22 16:01:46 ----D---- C:\Users\Sobolovi\AppData\Roaming\skypePM
2010-03-22 15:44:49 ----D---- C:\Program Files\totalcmd
2010-03-22 15:41:30 ----D---- C:\Windows
2010-03-22 15:41:30 ----A---- C:\Windows\system.ini
2010-03-22 15:39:01 ----D---- C:\Windows\system32\drivers
2010-03-22 15:39:01 ----D---- C:\Windows\AppPatch
2010-03-22 15:39:00 ----D---- C:\Program Files\Common Files
2010-03-22 15:26:58 ----SHD---- C:\System Volume Information
2010-03-21 16:18:31 ----D---- C:\Ondra
2010-03-21 15:47:33 ----RD---- C:\Program Files
2010-03-21 08:28:23 ----D---- C:\ProgramData\CanonIJPLM
2010-03-20 18:35:39 ----D---- C:\Hry
2010-03-20 18:16:20 ----D---- C:\Windows\system32\catroot2
2010-03-20 03:00:43 ----D---- C:\Windows\winsxs
2010-03-20 03:00:41 ----D---- C:\Windows\system32\catroot
2010-03-19 17:13:08 ----D---- C:\Windows\Debug
2010-03-19 17:11:16 ----D---- C:\Program Files\CCleaner
2010-03-19 17:10:31 ----D---- C:\Program Files\Revo Uninstaller
2010-03-19 16:54:00 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-03-18 14:34:11 ----SHD---- C:\Windows\Installer
2010-03-16 15:20:01 ----D---- C:\Radana
2010-03-16 07:29:28 ----D---- C:\Program Files\uTorrent
2010-03-13 17:27:32 ----SD---- C:\Users\Sobolovi\AppData\Roaming\Microsoft
2010-03-12 22:10:33 ----D---- C:\Program Files\Windows Mail
2010-03-11 03:00:41 ----D---- C:\Program Files\Movie Maker
2010-03-07 21:27:25 ----D---- C:\Petr
2010-03-07 17:40:36 ----D---- C:\Program Files\Mozilla Firefox
2010-03-04 14:55:30 ----D---- C:\ProgramData
2010-03-03 13:27:10 ----A---- C:\Windows\system32\pbsvc_heroes.exe
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-27 18:37:36 ----RSD---- C:\Windows\Fonts
2010-02-27 09:18:43 ----D---- C:\Windows\rescache
2010-02-27 08:52:30 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 19:11:43 ----D---- C:\Windows\system32\NDF
2010-02-24 19:46:21 ----D---- C:\Program Files\Common Files\AVSMedia
2010-02-24 19:46:18 ----D---- C:\Program Files\AVS4YOU
2010-02-24 18:06:28 ----D---- C:\Program Files\Avast4
2010-02-24 17:21:09 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-03-22 16608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-09 2167128]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-01-23 33296]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-08-25 15872]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 agumkyo5;agumkyo5; C:\Windows\system32\drivers\agumkyo5.sys []
S3 catchme;catchme; \??\C:\Users\Sobolovi\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-11-25 138680]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [2007-04-23 491520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-11-29 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-17 135664]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Just to be sure

#9 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter

Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by pressing "Yes" (a restart will follow)

Download CCleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation uncheck the option to install the Yahoo toolbar.

    Cleaner tab
  • Run Analyze, and when it finishes, click Run Cleaner.

    Registry tab
  • Click Scan for Issues, and when it finishes click Fix Issues; you do not need to make a backup, then choose Fix All Issues.
    OK, then Close

Ondra16
Visitor
Posts: 38
Registered: 20 May 2009 19:51

Cleaning

#10 Post by Ondra16 »

I cleaned up the computer following your advice.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Just to be sure

#11 Post by Caroprd111 »

In that case, we are done. :)