Prosím o kontrolu. Problém s explorer.exe

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Collect::
c:\windows\system32\azton.mt
c:\windows\system32\ltqzwir

File::
c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys

Driver::
20E5E011EE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Na disku C se ti vytvoří adresář/složka pojmenovaná Qoobox a v ní bude další adresář Quarantine a v ní najdeš 2 archivy v podobném tvaru [4]-Submit a_2008-10-26@14.14.zip kde čísla za @ znamenají aktuální čas vytvoření souboru. Pošli mi je jako přílohu přes SZ. Dík.

[Reklama]

[jaboos]

ComboFix 09-02-07.01 - Dušan 2009-02-08 18:22:55.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.895.368 [GMT 1:00]
Spuštěný z: c:\documents and settings\Dušan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Dušan\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Data aplikací\20E5E011EE.sys
c:\windows\system32\azton.mt
c:\windows\system32\ltqzwir

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.

2009-02-08 17:58 . 2009-02-08 18:23 36,139,680 --a------ C:\09_Pili_jsme_a_budem.rar
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Plocha
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Okolní tiskárny
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Okolní síť
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Oblíbené položky
2009-02-08 12:21 . 2008-10-04 10:07 <DIR> d--h----- c:\documents and settings\Administrator.DU-C98609251519\Šablony
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> dr------- c:\documents and settings\Administrator.DU-C98609251519\Nabídka Start
2009-02-08 12:21 . 2008-10-04 11:38 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519\Dokumenty
2009-02-08 12:21 . 2009-02-08 12:24 <DIR> dr-h----- c:\documents and settings\Administrator.DU-C98609251519\Data aplikací
2009-02-08 12:21 . 2009-02-08 12:21 <DIR> d-------- c:\documents and settings\Administrator.DU-C98609251519
2009-02-03 13:29 . 2009-02-03 13:29 <DIR> d-------- c:\documents and settings\Dominik.DU-C98609251519\Data aplikací\Logitech
2009-02-01 15:41 . 2009-02-01 15:41 <DIR> d-------- c:\program files\Quicksys
2009-02-01 15:41 . 2009-02-01 15:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Quicksys
2009-01-31 11:58 . 2009-01-31 11:58 <DIR> d---s---- c:\program files\Xfire
2009-01-31 11:58 . 2009-01-31 23:06 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\Xfire
2009-01-31 11:57 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-31 11:44 . 2009-01-31 20:26 <DIR> d-------- c:\program files\The Guild 2
2009-01-30 12:03 . 2009-01-30 12:03 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\AVS4YOU
2009-01-30 12:02 . 2009-01-30 12:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\AVS4YOU
2009-01-30 12:01 . 2009-01-30 12:54 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-30 12:01 . 2009-01-30 13:00 <DIR> d-------- c:\program files\AVS4YOU
2009-01-30 12:01 . 2008-08-13 10:22 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-01-30 11:57 . 2009-01-30 11:57 <DIR> d-------- c:\program files\VideoLAN
2009-01-30 11:50 . 2009-01-30 11:50 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-01-30 11:44 . 2009-01-30 11:46 156 --a------ c:\windows\Eztoo MKV Video Converter.ini
2009-01-30 11:44 . 2009-01-30 11:45 118 --a------ c:\windows\pro Eztoo MKV Video Converter.ini
2009-01-30 11:44 . 2009-01-30 11:46 1 --a------ c:\windows\system32\Eztoo MKV Video Converter.dat
2009-01-30 11:40 . 2009-01-30 11:42 <DIR> d-------- c:\program files\MKV to DVD Converter
2009-01-30 11:40 . 2009-01-30 11:40 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\DVD Flick
2009-01-30 11:40 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2009-01-30 11:40 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\richtx32.ocx
2009-01-30 11:40 . 2000-05-19 17:56 81,920 --a------ c:\windows\system32\mbmouse.ocx
2009-01-30 11:40 . 2000-11-05 15:27 36,864 --a------ c:\windows\system32\trayicon.ocx
2009-01-29 21:03 . 2009-01-29 21:03 <DIR> d-------- c:\program files\Common Files\CyberLink
2009-01-20 17:13 . 2009-01-20 17:13 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\EPSON
2009-01-17 20:22 . 2009-01-17 20:30 <DIR> d-------- c:\program files\RegCleaner
2009-01-13 19:45 . 2009-01-13 19:45 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\skypePM
2009-01-13 19:45 . 2009-01-13 19:45 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-13 19:42 . 2009-01-13 19:42 <DIR> d-------- c:\program files\Skype
2009-01-13 19:42 . 2009-01-14 19:33 <DIR> d-------- c:\documents and settings\Dušan\Data aplikací\Skype
2009-01-13 19:41 . 2009-01-13 19:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Skype
2009-01-12 18:03 . 2009-01-12 18:03 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Raxco
2009-01-12 18:03 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-01-12 18:02 . 2009-01-12 18:03 <DIR> d-------- c:\program files\Raxco

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 17:25 --------- d-----w c:\documents and settings\Dušan\Data aplikací\uTorrent
2009-02-07 15:56 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Data aplikací\TEMP
2009-02-07 09:14 --------- d-----w c:\program files\QIP
2009-02-04 16:01 --------- d-----w c:\program files\Warcraft III
2009-02-03 15:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\DriverScanner
2009-01-30 10:34 47,360 ----a-w c:\documents and settings\Dušan\Data aplikací\pcouffin.sys
2009-01-30 10:34 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Vso
2009-01-29 20:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 20:04 --------- d-----w c:\documents and settings\Dušan\Data aplikací\CyberLink
2009-01-29 20:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\CyberLink
2009-01-29 20:02 --------- d-----w c:\program files\CyberLink
2009-01-29 19:31 --------- d-----w c:\documents and settings\Dušan\Data aplikací\dvdcss
2009-01-27 22:15 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Hamachi
2009-01-26 16:14 --------- d-----w c:\program files\Kooperativa
2009-01-26 15:03 --------- d-----w c:\documents and settings\Dušan\Data aplikací\ICQ
2009-01-20 16:37 --------- d-----w c:\program files\ABBYY FineReader 6.0 Sprint
2009-01-13 18:42 --------- d-----w c:\program files\Common Files\Skype
2009-01-12 16:09 --------- d-----w c:\program files\RegScrubXP
2009-01-10 10:18 --------- d-----w c:\program files\EA GAMES
2009-01-07 16:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-06 17:04 626,688 ----a-w c:\windows\system32\msvcr80.dll
2009-01-06 17:04 548,864 ----a-w c:\windows\system32\msvcp80.dll
2009-01-06 17:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\MicroWorld
2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-04 17:21 --------- d-----w c:\program files\RegistryFix6
2009-01-03 17:48 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Malwarebytes
2009-01-03 17:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2008-12-31 12:12 230,664 ----a-w c:\windows\system32\PDBoot.exe
2008-12-30 09:57 --------- d-----w c:\program files\Xilisoft
2008-12-25 09:18 --------- d-----w c:\program files\OLYMPUS
2008-12-23 17:24 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-23 17:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 17:14 --------- d-----w c:\documents and settings\Dušan\Data aplikací\SUPERAntiSpyware.com
2008-12-23 10:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\LogiShrd
2008-12-23 09:50 --------- d-----w c:\program files\Common Files\Logitech
2008-12-23 09:50 --------- d-----w c:\documents and settings\Dušan\Data aplikací\InstallShield
2008-12-22 17:33 --------- d-----w c:\documents and settings\Mamka.DU-C98609251519\Data aplikací\Logitech
2008-12-22 15:53 --------- d-----w c:\program files\PKR
2008-12-22 15:36 387 ----a-w c:\documents and settings\Dušan\Cossacks.reg
2008-12-22 15:36 387 ----a-w c:\documents and settings\Dušan\Cossacks.reg
2008-12-22 15:08 --------- d-----w c:\documents and settings\Dušan\Data aplikací\Logitech
2008-12-22 15:07 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-22 15:07 --------- d-----w c:\program files\Logitech
2008-12-22 15:06 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Logitech
2008-12-22 12:49 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Data aplikací\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-12-21 19:35 --------- d-----w c:\program files\ICQ6.5
2008-12-20 18:51 --------- d-----w c:\program files\Realtek AC97
2008-12-20 18:33 --------- dc-h--w c:\documents and settings\All Users.WINDOWS\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-12-20 18:33 --------- d-----w c:\program files\Uniblue DriverScanner 2009
2008-12-17 16:55 --------- d-----w c:\program files\Opera
2008-12-12 23:08 --------- d-----w c:\program files\RadLight Company
2008-12-12 23:08 --------- d-----w c:\documents and settings\Dušan\Data aplikací\RadLight Company
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 18:09 --------- d-----w c:\program files\QIP Infium
2008-12-09 16:20 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\SUPERAntiSpyware.com
2008-11-19 18:25 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-06 18:58 2,516 --sha-w c:\documents and settings\All Users.WINDOWS\Data aplikací\KGyGaAvL.sys
2007-06-04 14:54 47,360 ----a-w c:\documents and settings\Dušánek\Data aplikací\pcouffin.sys
2007-05-31 15:37 12 ----a-w c:\documents and settings\Dušánek\USERDATA.DAT
2004-08-17 13:49 27,648 ----a-w c:\documents and settings\Dušánek\findstr.exe
2004-08-17 13:49 147,968 ----a-w c:\documents and settings\Dušánek\regedit.exe
2001-10-25 14:00 9,216 ----a-w c:\documents and settings\Dušánek\find.exe
2001-10-25 14:00 11,264 ----a-w c:\documents and settings\Dušánek\attrib.exe
2008-10-04 09:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
.

------- Sigcheck -------

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 23:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-08_13.37.40.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-08 13:55:42 16,384 ----atw c:\windows\temp\Perflib_Perfdata_574.dat
+ 2009-02-08 13:55:15 16,384 ----atw c:\windows\temp\Perflib_Perfdata_798.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-06 3367424]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2008-10-08 270128]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"Google Update"="c:\documents and settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-17 7307264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-17 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"nwiz"="nwiz.exe" [2005-10-17 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Duçan\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-10 625952]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2008-12-22 43936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-06 111184]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2008-12-22 11264]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-06 20560]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-13 69120]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
.
Obsah adresáře 'Naplánované úlohy'

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1450960922-682003330-1003.job
- c:\documents and settings\Dua []
.
.
------- Doplňkový sken -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 18:26:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1450960922-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
.
Celkový čas: 2009-02-08 18:28:40
ComboFix-quarantined-files.txt 2009-02-08 17:28:37
ComboFix2.txt 2009-02-08 16:20:17
ComboFix3.txt 2009-02-08 12:38:32

Před spuštěním: 5 851 361 280
Po spuštění: 5,841,358,848

245 --- E O F --- 2009-01-14 18:45:02




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:36, on 8.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Documents and Settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8180 bytes

[jaro3]

Logy O.K.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Pokud nejsou problémy , je to vše.
EDIT , dík za zaslání.

[jaboos]

Takže problém stále přetrvává a teď se ještě k chybným hlášním přidal DRWTSN:EXE!!! Pleas help me!

[jaboos]

Přikládám HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:39, on 14.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Documents and Settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dušan\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8067 bytes

[jaro3]

Fix v HJT:
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe

Nic závadného tam není.
Stáhni si : Dr. Web CureIt
http://www.studna.cz/go/download/fid/48 ... 8c7f27dce2
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat.
Případně se muset win opravit, Dr,Watson.