Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:58, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6450 bytes
Please check my log
- jaro3
- Security team member
Re: Please check my log
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save it to the desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
Malwarebytes' Anti-Malware 1.35
Verze databáze: 1938
Windows 6.0.6001 Service Pack 1
3.4.2009 20:51:12
mbam-log-2009-04-03 (20-50-59).txt
Typ skenu: Rychlý sken
Objektu skenováno: 54765
Uplynulý cas: 1 minute(s), 38 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 1
Infikované položky dat registru: 7
Infikované složky: 0
Infikované soubory: 3
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Users\F$$lings\AppData\Local\Temp\khfGYPFy.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\warning.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files (x86)\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
- jaro3
- Security team member
Re: Please check my log
So run MbAM again and start a Scan
- when the scan finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
You can then paste the MbAM log here.
Download RSIT (by random/random)
- run it; a window appears, so click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you will find it here: C:\rsit\log.txt. Please copy its entire contents here
I don't rule out that we will continue tomorrow.
Re: Please check my log
Malwarebytes' Anti-Malware 1.35
Verze databáze: 1938
Windows 6.0.6001 Service Pack 1
3.4.2009 20:51:12
mbam-log-2009-04-03 (20-50-59).txt
Typ skenu: Rychlý sken
Objektu skenováno: 54765
Uplynulý cas: 1 minute(s), 38 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 1
Infikované položky dat registru: 7
Infikované složky: 0
Infikované soubory: 3
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\Users\F$$lings\AppData\Local\Temp\khfGYPFy.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\warning.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files (x86)\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Re: Please check my log
RSIT LOG
Logfile of random's system information tool 1.06 (written by random/random)
Run by F$$lings at 2009-04-03 21:30:37
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 21 GB (35%) free of 60 GB
Total RAM: 4094 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:39, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\F$$lings\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\F$$lings.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6193 bytes
======Scheduled tasks folder======
C:\Windows\tasks\cjfusyxi.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 98304]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{672a1f0e-9dc2-11dd-89dd-806e6f6e6963}]
shell\AutoRun\command - E:\SETUP.EXE
======List of files/folders created in the last 1 months======
2009-04-03 21:30:37 ----D---- C:\rsit
2009-04-03 20:48:01 ----D---- C:\Users\F$$lings\AppData\Roaming\Malwarebytes
2009-04-03 20:47:57 ----D---- C:\ProgramData\Malwarebytes
2009-04-03 20:47:57 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-04-03 16:24:54 ----D---- C:\Program Files (x86)\Trend Micro
2009-04-03 15:22:23 ----N---- C:\Windows\Setup1.exe
2009-04-03 15:22:22 ----A---- C:\Windows\ST6UNST.EXE
2009-03-29 10:20:38 ----A---- C:\Windows\DIIUnin.exe
2009-03-27 20:45:14 ----A---- C:\Windows\system32\NMSDVDXU.dll
2009-03-27 20:45:14 ----A---- C:\Windows\system32\borlndmm.dll
2009-03-27 19:59:17 ----D---- C:\Users\F$$lings\AppData\Roaming\Hamachi
2009-03-27 19:58:45 ----D---- C:\Program Files (x86)\Hamachi
2009-03-27 19:33:44 ----D---- C:\Users\F$$lings\AppData\Roaming\DAEMON Tools Pro
2009-03-27 19:33:44 ----D---- C:\Users\F$$lings\AppData\Roaming\DAEMON Tools
2009-03-27 19:33:02 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-03-27 19:32:44 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2009-03-27 19:32:42 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2009-03-27 19:14:47 ----D---- C:\Users\F$$lings\AppData\Roaming\DAEMON Tools Lite
2009-03-27 16:31:58 ----D---- C:\NVIDIA
2009-03-27 08:23:25 ----A---- C:\Windows\War3Unin.exe
2009-03-15 12:22:23 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2009-03-15 12:22:15 ----D---- C:\ProgramData\ICQ
2009-03-15 12:21:21 ----D---- C:\Program Files (x86)\ICQ6.5
2009-03-11 23:10:57 ----D---- C:\Program Files (x86)\DVDVideoSoft
2009-03-11 23:01:29 ----A---- C:\Windows\dd_NET_Framework35_LangPack_MSI013E.txt
2009-03-11 23:01:18 ----A---- C:\Windows\dd_depcheck_NETFX_EXP_35.txt
2009-03-11 23:01:13 ----A---- C:\Windows\uxeventlog.txt
2009-03-11 23:01:13 ----A---- C:\Windows\dd_dotnetfx35install_lp.txt
2009-03-11 23:01:13 ----A---- C:\Windows\dd_dotnetfx35error_lp.txt
2009-03-11 16:51:40 ----A---- C:\Windows\system32\schannel.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\icardres.dll
2009-03-10 16:48:47 ----A---- C:\Windows\system32\icardagt.exe
2009-03-10 16:48:45 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-10 16:48:44 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-10 16:43:52 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-10 16:43:42 ----A---- C:\Windows\system32\dfshim.dll
2009-03-10 16:43:31 ----A---- C:\Windows\system32\mscoree.dll
2009-03-10 16:43:23 ----A---- C:\Windows\system32\mscorier.dll
2009-03-10 16:43:20 ----A---- C:\Windows\system32\mscories.dll
======List of files/folders modified in the last 1 months======
2009-04-03 21:30:38 ----D---- C:\Windows\Temp
2009-04-03 21:27:18 ----D---- C:\Windows\SysWOW64
2009-04-03 21:27:18 ----D---- C:\Program Files (x86)\ICQToolbar
2009-04-03 20:48:00 ----D---- C:\Windows\system32\drivers
2009-04-03 20:47:57 ----RD---- C:\Program Files (x86)
2009-04-03 20:47:57 ----HD---- C:\ProgramData
2009-04-03 20:34:00 ----D---- C:\Windows\System32
2009-04-03 20:33:59 ----D---- C:\Windows\inf
2009-04-03 16:30:37 ----D---- C:\ProgramData\Spyware Terminator
2009-04-03 16:30:37 ----D---- C:\Program Files (x86)\Spyware Terminator
2009-04-03 16:19:02 ----D---- C:\Users\F$$lings\AppData\Roaming\Spyware Terminator
2009-04-03 16:04:44 ----SHD---- C:\System Volume Information
2009-04-03 16:01:46 ----SHD---- C:\Windows\Installer
2009-04-03 16:00:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-04-03 15:59:39 ----D---- C:\Windows\Prefetch
2009-04-03 15:59:01 ----D---- C:\ProgramData\Electronic Arts
2009-04-03 15:22:42 ----D---- C:\Windows
2009-03-29 13:00:05 ----A---- C:\Windows\system32\CmdLineExt03.dll
2009-03-29 10:28:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-03-29 10:27:51 ----D---- C:\Users\F$$lings\AppData\Roaming\uTorrent
2009-03-27 16:34:53 ----D---- C:\ProgramData\NVIDIA
2009-03-27 16:33:34 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-03-27 16:33:34 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-03-19 08:52:23 ----AD---- C:\ProgramData\TEMP
2009-03-19 08:52:21 ----D---- C:\Program Files (x86)\Fraps
2009-03-15 12:21:59 ----D---- C:\Program Files (x86)\ICQ6
2009-03-11 23:18:22 ----D---- C:\Windows\winsxs
2009-03-11 23:10:58 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2009-03-11 23:06:50 ----D---- C:\Program Files (x86)\Windows Mail
2009-03-11 23:01:38 ----RSD---- C:\Windows\assembly
2009-03-10 19:13:55 ----D---- C:\Windows\Microsoft.NET
2009-03-10 17:14:38 ----D---- C:\Windows\rescache
2009-03-10 16:57:52 ----D---- C:\Windows\system32\cs-CZ
2009-03-10 16:57:51 ----D---- C:\Windows\system32\XPSViewer
2009-03-10 16:57:50 ----D---- C:\Windows\system32\wbem
2009-03-10 16:57:50 ----D---- C:\Windows\system32\en-US
2009-03-10 16:48:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclk64.sys [2007-09-04 39968]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S1 EIO;EIO; \??\C:\Windows\system32\drivers\EIO64.sys []
S3 abjfi2az;abjfi2az; C:\Windows\system32\drivers\abjfi2az.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-02-15 20544]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [2007-07-19 689408]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 nTuneService;nTune Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 180224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2009-01-31 540672]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
-----------------EOF-----------------
Then this also showed up for me:
Logfile of random's system information tool 1.06 (written by random/random)
Run by F$$lings at 2009-04-03 21:30:37
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 21 GB (35%) free of 60 GB
Total RAM: 4094 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:39, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\F$$lings\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\F$$lings.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6193 bytes
======Scheduled tasks folder======
C:\Windows\tasks\cjfusyxi.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 98304]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
Then this also showed up for me:
Logfile of random's system information tool 1.06 (written by random/random)
Run by F$$lings at 2009-04-03 21:30:37
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 21 GB (35%) free of 60 GB
Total RAM: 4094 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:39, on 3.4.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\F$$lings\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\F$$lings.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: APC UPS Status.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6193 bytes
======Scheduled tasks folder======
C:\Windows\tasks\cjfusyxi.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll []
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 98304]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{672a1f0e-9dc2-11dd-89dd-806e6f6e6963}]
shell\AutoRun\command - E:\SETUP.EXE
======List of files/folders created in the last 1 months======
2009-04-03 21:30:37 ----D---- C:\rsit
2009-04-03 20:48:01 ----D---- C:\Users\F$$lings\AppData\Roaming\Malwarebytes
2009-04-03 20:47:57 ----D---- C:\ProgramData\Malwarebytes
2009-04-03 20:47:57 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-04-03 16:24:54 ----D---- C:\Program Files (x86)\Trend Micro
2009-04-03 15:22:23 ----N---- C:\Windows\Setup1.exe
2009-04-03 15:22:22 ----A---- C:\Windows\ST6UNST.EXE
2009-03-29 10:20:38 ----A---- C:\Windows\DIIUnin.exe
2009-03-27 20:45:14 ----A---- C:\Windows\system32\NMSDVDXU.dll
2009-03-27 20:45:14 ----A---- C:\Windows\system32\borlndmm.dll
2009-03-27 19:59:17 ----D---- C:\Users\F$$lings\AppData\Roaming\Hamachi
2009-03-27 19:58:45 ----D---- C:\Program Files (x86)\Hamachi
2009-03-27 19:33:44 ----D---- C:\Users\F$$lings\AppData\Roaming\DAEMON Tools Pro
2009-03-27 19:33:44 ----D---- C:\Users\F$$lings\AppData\Roaming\DAEMON Tools
2009-03-27 19:33:02 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-03-27 19:32:44 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2009-03-27 19:32:42 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2009-03-27 19:14:47 ----D---- C:\Users\F$$lings\AppData\Roaming\DAEMON Tools Lite
2009-03-27 16:31:58 ----D---- C:\NVIDIA
2009-03-27 08:23:25 ----A---- C:\Windows\War3Unin.exe
2009-03-15 12:22:23 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2009-03-15 12:22:15 ----D---- C:\ProgramData\ICQ
2009-03-15 12:21:21 ----D---- C:\Program Files (x86)\ICQ6.5
2009-03-11 23:10:57 ----D---- C:\Program Files (x86)\DVDVideoSoft
2009-03-11 23:01:29 ----A---- C:\Windows\dd_NET_Framework35_LangPack_MSI013E.txt
2009-03-11 23:01:18 ----A---- C:\Windows\dd_depcheck_NETFX_EXP_35.txt
2009-03-11 23:01:13 ----A---- C:\Windows\uxeventlog.txt
2009-03-11 23:01:13 ----A---- C:\Windows\dd_dotnetfx35install_lp.txt
2009-03-11 23:01:13 ----A---- C:\Windows\dd_dotnetfx35error_lp.txt
2009-03-11 16:51:40 ----A---- C:\Windows\system32\schannel.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-10 16:48:48 ----A---- C:\Windows\system32\icardres.dll
2009-03-10 16:48:47 ----A---- C:\Windows\system32\icardagt.exe
2009-03-10 16:48:45 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-10 16:48:44 ----A---- C:\Windows\system32\PresentationHost.exe
2009-03-10 16:43:52 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-10 16:43:42 ----A---- C:\Windows\system32\dfshim.dll
2009-03-10 16:43:31 ----A---- C:\Windows\system32\mscoree.dll
2009-03-10 16:43:23 ----A---- C:\Windows\system32\mscorier.dll
2009-03-10 16:43:20 ----A---- C:\Windows\system32\mscories.dll
======List of files/folders modified in the last 1 months======
2009-04-03 21:30:38 ----D---- C:\Windows\Temp
2009-04-03 21:27:18 ----D---- C:\Windows\SysWOW64
2009-04-03 21:27:18 ----D---- C:\Program Files (x86)\ICQToolbar
2009-04-03 20:48:00 ----D---- C:\Windows\system32\drivers
2009-04-03 20:47:57 ----RD---- C:\Program Files (x86)
2009-04-03 20:47:57 ----HD---- C:\ProgramData
2009-04-03 20:34:00 ----D---- C:\Windows\System32
2009-04-03 20:33:59 ----D---- C:\Windows\inf
2009-04-03 16:30:37 ----D---- C:\ProgramData\Spyware Terminator
2009-04-03 16:30:37 ----D---- C:\Program Files (x86)\Spyware Terminator
2009-04-03 16:19:02 ----D---- C:\Users\F$$lings\AppData\Roaming\Spyware Terminator
2009-04-03 16:04:44 ----SHD---- C:\System Volume Information
2009-04-03 16:01:46 ----SHD---- C:\Windows\Installer
2009-04-03 16:00:46 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-04-03 15:59:39 ----D---- C:\Windows\Prefetch
2009-04-03 15:59:01 ----D---- C:\ProgramData\Electronic Arts
2009-04-03 15:22:42 ----D---- C:\Windows
2009-03-29 13:00:05 ----A---- C:\Windows\system32\CmdLineExt03.dll
2009-03-29 10:28:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-03-29 10:27:51 ----D---- C:\Users\F$$lings\AppData\Roaming\uTorrent
2009-03-27 16:34:53 ----D---- C:\ProgramData\NVIDIA
2009-03-27 16:33:34 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-03-27 16:33:34 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-03-19 08:52:23 ----AD---- C:\ProgramData\TEMP
2009-03-19 08:52:21 ----D---- C:\Program Files (x86)\Fraps
2009-03-15 12:21:59 ----D---- C:\Program Files (x86)\ICQ6
2009-03-11 23:18:22 ----D---- C:\Windows\winsxs
2009-03-11 23:10:58 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2009-03-11 23:06:50 ----D---- C:\Program Files (x86)\Windows Mail
2009-03-11 23:01:38 ----RSD---- C:\Windows\assembly
2009-03-10 19:13:55 ----D---- C:\Windows\Microsoft.NET
2009-03-10 17:14:38 ----D---- C:\Windows\rescache
2009-03-10 16:57:52 ----D---- C:\Windows\system32\cs-CZ
2009-03-10 16:57:51 ----D---- C:\Windows\system32\XPSViewer
2009-03-10 16:57:50 ----D---- C:\Windows\system32\wbem
2009-03-10 16:57:50 ----D---- C:\Windows\system32\en-US
2009-03-10 16:48:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclk64.sys [2007-09-04 39968]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S1 EIO;EIO; \??\C:\Windows\system32\drivers\EIO64.sys []
S3 abjfi2az;abjfi2az; C:\Windows\system32\drivers\abjfi2az.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-02-15 20544]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [2007-07-19 689408]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 nTuneService;nTune Service; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 180224]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe [2009-01-31 540672]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
-----------------EOF-----------------
Re: Please check my log
My problem was that the Device Manager did not show up when I pressed CTRL+ALT+DEL. I have it back now, so thanks a lot for the help, but we can carry on and delete everything I should not have here.
- jaro3
- member of the Security team
Re: Please check my log
Download OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select the text.
Code: Select all
:Processes
explorer.exe
:Services
abjfi2az
:Reg
:Files
C:\Windows\tasks\cjfusyxi.job
C:\Windows\system32\drivers\abjfi2az.sys
C:\Program Files (x86)\Trend Micro\HijackThis\F$$lings.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results.
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
========== PROCESSES ==========
Unable to kill process: explorer.exe
========== SERVICES/DRIVERS ==========
Service\Driver abjfi2az not found.
Unable to delete service\driver keyabjfi2az.
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\tasks\cjfusyxi.job scheduled to be moved on reboot.
File/Folder C:\Windows\system32\drivers\abjfi2az.sys not found.
File move failed. C:\Program Files (x86)\Trend Micro\HijackThis\F$$lings.exe scheduled to be moved on reboot.
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04032009_225441
- jaro3
- member of the Security team
Re: Please check my log
Close other applications and browsers, disconnect from the internet and fix these entries in HJT:
Code: Select all
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar.dll (file missing)
O13 - Gopher Prefix:
So if there are no problems, clean the system with CCleaner.
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can delete the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, and so on.
Install Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows x64), tick agree, then continue.
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
If there are no problems, that is all.
Re: Please check my log
Thank you very much, everything works as it should.