Hi, please check my log.
Windows won't update through Windows Update, and it also won't install any new updates that have already been downloaded.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:10, on 29. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Zabiacik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 1.20.208.183 d208s183.d208d.tog.sk
O1 - Hosts: 1.20.208.182 d208s182.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d208s24.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d203s24.d203d.grecodata.sk
O1 - Hosts: 81.91.83.14 L2authd.lineage2.com #L2
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com #L2 - GameGuard
O1 - Hosts: 81.91.83.14 l2 #web
O1 - Hosts: 81.91.83.14 Umbrella
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Zabiacik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {6348A476-7FCF-4117-9A62-8F916614114C} (DMSelect Control) - http://d208s178.d208d.tog.sk:8901/graph ... Select.cab
O16 - DPF: {70E271D6-D305-11D7-8277-005056201604} (DMUpload Control) - http://d208s178.d208d.tog.sk:8901/graph ... Upload.cab
O16 - DPF: {8007756F-1C6E-430B-A41C-8CBACFEB68D7} (DMRegistry Control) - http://d208s178.d208d.tog.sk:8901/graph ... gistry.cab
O16 - DPF: {A59C68BC-803D-450E-B380-D414C4DB4650} (DMOfficeUpgrade Control) - http://d208s178.d208d.tog.sk:8901/graph ... pgrade.cab
O16 - DPF: {E059429D-2FF9-42EE-88A7-124C258B2D27} (DMDownload Control) - http://d208s178.d208d.tog.sk:8901/graph ... wnload.cab
O16 - DPF: {E73B15C8-64AE-4833-95B3-3432F1A085D7} (DMToolkit Control) - http://d208s178.d208d.tog.sk:8901/graph ... oolkit.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12838 bytes
- jaro3, Security team member
Re: Please check my log
Uninstall:
AskBar, AskBarDis, Ask Toolbar
Close all other applications and browsers, disconnect from the internet, and fix these in HJT:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Zabiacik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 1.20.208.183 d208s183.d208d.tog.sk
O1 - Hosts: 1.20.208.182 d208s182.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d208s24.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d203s24.d203d.grecodata.sk
O1 - Hosts: 81.91.83.14 l2 #web
O1 - Hosts: 81.91.83.14 Umbrella
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Zabiacik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O13 - Gopher Prefix:
O20 - AppInit_DLLs:
If you don't recognise these, then also:
O16 - DPF: {6348A476-7FCF-4117-9A62-8F916614114C} (DMSelect Control) - http://d208s178.d208d.tog.sk:8901/graph ... Select.cab
O16 - DPF: {70E271D6-D305-11D7-8277-005056201604} (DMUpload Control) - http://d208s178.d208d.tog.sk:8901/graph ... Upload.cab
O16 - DPF: {8007756F-1C6E-430B-A41C-8CBACFEB68D7} (DMRegistry Control) - http://d208s178.d208d.tog.sk:8901/graph ... gistry.cab
O16 - DPF: {A59C68BC-803D-450E-B380-D414C4DB4650} (DMOfficeUpgrade Control) - http://d208s178.d208d.tog.sk:8901/graph ... pgrade.cab
O16 - DPF: {E059429D-2FF9-42EE-88A7-124C258B2D27} (DMDownload Control) - http://d208s178.d208d.tog.sk:8901/graph ... wnload.cab
O16 - DPF: {E73B15C8-64AE-4833-95B3-3432F1A085D7} (DMToolkit Control) - http://d208s178.d208d.tog.sk:8901/graph ... oolkit.ocx
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!)
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you're satisfied, you can support our forum: Forum support
Re: Please check my log
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1
29. 6. 2009 15:04:29
mbam-log-2009-06-29 (15-04-11).txt
Scan type: Quick Scan
Objects scanned: 79915
Time elapsed: 2 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\administrator\AppData\Local\Temp\01639.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\19451.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\21710.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\47810.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\51093.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\54550.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\79905.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\85414.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\95279.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\administrator\AppData\Local\Temp\96019.exe (Trojan.DNSChanger) -> No action taken.
c:\Users\Administrator\AppData\Local\Temp\FreeHDplay.exe (Trojan.DNSChanger) -> No action taken.
- jaro3, Security team member
Re: Please check my log
So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then click OK in the program and close it via Exit
You can then paste the log here
Download RSIT (by random/random)
- run it; a window will appear, click Continue to proceed
- wait for the program to finish and the log will be displayed; otherwise you'll find it here: C:\rsit\log.txt. Please copy its entire contents here
I'll take a look later.
Re: Please check my log
MbAM
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1
29. 6. 2009 15:18:00
mbam-log-2009-06-29 (15-18-00).txt
Scan type: Quick Scan
Objects scanned: 79913
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\administrator\AppData\Local\Temp\01639.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\19451.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\21710.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\47810.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\51093.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\54550.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\79905.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\85414.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\95279.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\96019.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\Administrator\AppData\Local\Temp\FreeHDplay.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-06-29 15:21:20
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 15 GB (15%) free of 102 GB
Total RAM: 4094 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:26, on 29. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\totalcmd\TOTALCMD.EXE
G:\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 1.20.208.183 d208s183.d208d.tog.sk
O1 - Hosts: 1.20.208.182 d208s182.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d208s24.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d203s24.d203d.grecodata.sk
O1 - Hosts: 81.91.83.14 L2authd.lineage2.com #L2
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com #L2 - GameGuard
O1 - Hosts: 81.91.83.14 l2 #web
O1 - Hosts: 81.91.83.14 Umbrella
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {6348A476-7FCF-4117-9A62-8F916614114C} (DMSelect Control) - http://d208s178.d208d.tog.sk:8901/graph ... Select.cab
O16 - DPF: {70E271D6-D305-11D7-8277-005056201604} (DMUpload Control) - http://d208s178.d208d.tog.sk:8901/graph ... Upload.cab
O16 - DPF: {8007756F-1C6E-430B-A41C-8CBACFEB68D7} (DMRegistry Control) - http://d208s178.d208d.tog.sk:8901/graph ... gistry.cab
O16 - DPF: {A59C68BC-803D-450E-B380-D414C4DB4650} (DMOfficeUpgrade Control) - http://d208s178.d208d.tog.sk:8901/graph ... pgrade.cab
O16 - DPF: {E059429D-2FF9-42EE-88A7-124C258B2D27} (DMDownload Control) - http://d208s178.d208d.tog.sk:8901/graph ... wnload.cab
O16 - DPF: {E73B15C8-64AE-4833-95B3-3432F1A085D7} (DMToolkit Control) - http://d208s178.d208d.tog.sk:8901/graph ... oolkit.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12070 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{C73FDED3-9F75-4AA7-B5DB-CB93E0FD85EC}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"ITSecMng"=C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Monitor Apache Servers.lnk - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46390791-571d-11de-a523-00215dc18744}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27cc565-d320-11dd-875b-002185529e08}]
shell\AutoRun\command - F:\autorun.exe
======File associations======
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"
======List of files/folders created in the last 1 months======
2009-06-29 15:21:20 ----D---- C:\rsit
2009-06-29 14:49:40 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2009-06-29 14:49:35 ----D---- C:\ProgramData\Malwarebytes
2009-06-29 14:49:35 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-06-29 12:55:00 ----D---- C:\Program Files (x86)\Trend Micro
2009-06-29 01:12:38 ----D---- C:\Program Files (x86)\Common Files\PCSuite
2009-06-29 01:12:14 ----SHD---- C:\Config.Msi
2009-06-29 01:11:33 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2009-06-28 00:19:09 ----D---- C:\Users\Administrator\AppData\Roaming\teamspeak2
2009-06-28 00:19:01 ----D---- C:\Program Files (x86)\Teamspeak2_RC2
2009-06-28 00:13:42 ----D---- C:\Users\Administrator\AppData\Roaming\Hamachi
2009-06-27 22:56:28 ----D---- C:\Users\Administrator\AppData\Roaming\Notepad++
2009-06-27 13:37:43 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2009-06-27 13:37:41 ----D---- C:\Users\Administrator\AppData\Roaming\Winamp
2009-06-27 13:37:41 ----D---- C:\Program Files (x86)\Winamp
2009-06-25 18:55:00 ----D---- C:\Users\Administrator\AppData\Roaming\Zoner
2009-06-25 18:53:49 ----D---- C:\Program Files (x86)\Zoner
2009-06-14 00:00:54 ----D---- C:\Users\Administrator\AppData\Roaming\PTGui Pro
2009-06-13 23:59:52 ----D---- C:\Users\Administrator\AppData\Roaming\ZoomBrowser EX
2009-06-13 23:58:53 ----D---- C:\ProgramData\PhotoStitch
2009-06-13 23:34:18 ----D---- C:\Users\Administrator\AppData\Roaming\PTGui
2009-06-13 23:34:14 ----D---- C:\Program Files (x86)\PTGui
2009-06-09 16:37:18 ----D---- C:\Users\Administrator\AppData\Roaming\Canon
2009-06-09 16:11:40 ----D---- C:\ProgramData\ZoomBrowser
2009-06-09 16:10:44 ----D---- C:\Program Files (x86)\Canon
2009-06-09 16:06:20 ----D---- C:\Program Files (x86)\Common Files\Canon
2009-06-08 20:46:04 ----D---- C:\ProgramData\ALM
2009-05-31 13:58:48 ----D---- C:\Program Files (x86)\Lavasoft
2009-05-31 13:58:47 ----D---- C:\ProgramData\Lavasoft
2009-05-31 13:50:09 ----D---- C:\Windows\SoftwareDistribution
======List of files/folders modified in the last 1 months======
2009-06-29 15:21:27 ----D---- C:\Windows\Prefetch
2009-06-29 15:21:14 ----D---- C:\Windows\Temp
2009-06-29 14:49:36 ----D---- C:\Windows\system32\drivers
2009-06-29 14:49:35 ----RD---- C:\Program Files (x86)
2009-06-29 14:49:35 ----HD---- C:\ProgramData
2009-06-29 14:47:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-29 12:55:26 ----D---- C:\Windows\System32
2009-06-29 12:55:26 ----D---- C:\Windows\inf
2009-06-29 11:42:16 ----D---- C:\Users\Administrator\AppData\Roaming\Nokia
2009-06-29 11:27:55 ----AD---- C:\Windows
2009-06-29 01:13:25 ----SHD---- C:\System Volume Information
2009-06-29 01:12:52 ----SHD---- C:\Windows\Installer
2009-06-29 01:12:38 ----D---- C:\Program Files (x86)\Common Files
2009-06-29 01:12:36 ----D---- C:\Program Files (x86)\Nokia
2009-06-29 01:12:36 ----D---- C:\Program Files (x86)\Common Files\Nokia
2009-06-29 01:12:25 ----D---- C:\Windows\SysWOW64
2009-06-29 01:08:30 ----D---- C:\ProgramData\Installations
2009-06-28 13:08:07 ----D---- C:\Program Files (x86)\Warcraft III
2009-06-28 11:01:02 ----D---- C:\Users\Administrator\AppData\Roaming\uTorrent
2009-06-27 22:58:36 ----A---- C:\Windows\NeroDigital.ini
2009-06-27 13:28:19 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2009-06-25 07:41:12 ----D---- C:\Users\Administrator\AppData\Roaming\Ahead
2009-06-14 00:00:52 ----RD---- C:\Program Files
2009-06-09 16:04:28 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2009-06-08 20:46:04 ----D---- C:\Program Files (x86)\Adobe
2009-06-08 19:22:29 ----D---- C:\ProgramData\Adobe
2009-05-31 13:57:59 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-05-31 13:33:48 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-05-15 32240]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys []
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys []
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys []
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys []
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 aow9v6qd;aow9v6qd; C:\Windows\system32\drivers\aow9v6qd.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\Lineage II\system\GameGuard\dump_wmimmc.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2008-04-10 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 SaiH0762;SaiH0762; C:\Windows\system32\DRIVERS\SaiH0762.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-01-05 66872]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 SaiDOutput;Saitek DirectOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 168296]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 Apache2.2;Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-05-18 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-18 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1
29. 6. 2009 15:18:00
mbam-log-2009-06-29 (15-18-00).txt
Scan type: Quick Scan
Objects scanned: 79913
Time elapsed: 1 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\administrator\AppData\Local\Temp\01639.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\19451.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\21710.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\47810.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\51093.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\54550.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\79905.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\85414.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\95279.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\96019.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Users\Administrator\AppData\Local\Temp\FreeHDplay.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-06-29 15:21:20
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 15 GB (15%) free of 102 GB
Total RAM: 4094 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:26, on 29. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\totalcmd\TOTALCMD.EXE
G:\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 1.20.208.183 d208s183.d208d.tog.sk
O1 - Hosts: 1.20.208.182 d208s182.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d208s24.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d203s24.d203d.grecodata.sk
O1 - Hosts: 81.91.83.14 L2authd.lineage2.com #L2
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com #L2 - GameGuard
O1 - Hosts: 81.91.83.14 l2 #web
O1 - Hosts: 81.91.83.14 Umbrella
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {6348A476-7FCF-4117-9A62-8F916614114C} (DMSelect Control) - http://d208s178.d208d.tog.sk:8901/graph ... Select.cab
O16 - DPF: {70E271D6-D305-11D7-8277-005056201604} (DMUpload Control) - http://d208s178.d208d.tog.sk:8901/graph ... Upload.cab
O16 - DPF: {8007756F-1C6E-430B-A41C-8CBACFEB68D7} (DMRegistry Control) - http://d208s178.d208d.tog.sk:8901/graph ... gistry.cab
O16 - DPF: {A59C68BC-803D-450E-B380-D414C4DB4650} (DMOfficeUpgrade Control) - http://d208s178.d208d.tog.sk:8901/graph ... pgrade.cab
O16 - DPF: {E059429D-2FF9-42EE-88A7-124C258B2D27} (DMDownload Control) - http://d208s178.d208d.tog.sk:8901/graph ... wnload.cab
O16 - DPF: {E73B15C8-64AE-4833-95B3-3432F1A085D7} (DMToolkit Control) - http://d208s178.d208d.tog.sk:8901/graph ... oolkit.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12070 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{C73FDED3-9F75-4AA7-B5DB-CB93E0FD85EC}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"ITSecMng"=C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Monitor Apache Servers.lnk - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46390791-571d-11de-a523-00215dc18744}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27cc565-d320-11dd-875b-002185529e08}]
shell\AutoRun\command - F:\autorun.exe
======File associations======
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"
======List of files/folders created in the last 1 months======
2009-06-29 15:21:20 ----D---- C:\rsit
2009-06-29 14:49:40 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2009-06-29 14:49:35 ----D---- C:\ProgramData\Malwarebytes
2009-06-29 14:49:35 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-06-29 12:55:00 ----D---- C:\Program Files (x86)\Trend Micro
2009-06-29 01:12:38 ----D---- C:\Program Files (x86)\Common Files\PCSuite
2009-06-29 01:12:14 ----SHD---- C:\Config.Msi
2009-06-29 01:11:33 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2009-06-28 00:19:09 ----D---- C:\Users\Administrator\AppData\Roaming\teamspeak2
2009-06-28 00:19:01 ----D---- C:\Program Files (x86)\Teamspeak2_RC2
2009-06-28 00:13:42 ----D---- C:\Users\Administrator\AppData\Roaming\Hamachi
2009-06-27 22:56:28 ----D---- C:\Users\Administrator\AppData\Roaming\Notepad++
2009-06-27 13:37:43 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2009-06-27 13:37:41 ----D---- C:\Users\Administrator\AppData\Roaming\Winamp
2009-06-27 13:37:41 ----D---- C:\Program Files (x86)\Winamp
2009-06-25 18:55:00 ----D---- C:\Users\Administrator\AppData\Roaming\Zoner
2009-06-25 18:53:49 ----D---- C:\Program Files (x86)\Zoner
2009-06-14 00:00:54 ----D---- C:\Users\Administrator\AppData\Roaming\PTGui Pro
2009-06-13 23:59:52 ----D---- C:\Users\Administrator\AppData\Roaming\ZoomBrowser EX
2009-06-13 23:58:53 ----D---- C:\ProgramData\PhotoStitch
2009-06-13 23:34:18 ----D---- C:\Users\Administrator\AppData\Roaming\PTGui
2009-06-13 23:34:14 ----D---- C:\Program Files (x86)\PTGui
2009-06-09 16:37:18 ----D---- C:\Users\Administrator\AppData\Roaming\Canon
2009-06-09 16:11:40 ----D---- C:\ProgramData\ZoomBrowser
2009-06-09 16:10:44 ----D---- C:\Program Files (x86)\Canon
2009-06-09 16:06:20 ----D---- C:\Program Files (x86)\Common Files\Canon
2009-06-08 20:46:04 ----D---- C:\ProgramData\ALM
2009-05-31 13:58:48 ----D---- C:\Program Files (x86)\Lavasoft
2009-05-31 13:58:47 ----D---- C:\ProgramData\Lavasoft
2009-05-31 13:50:09 ----D---- C:\Windows\SoftwareDistribution
======List of files/folders modified in the last 1 months======
2009-06-29 15:21:27 ----D---- C:\Windows\Prefetch
2009-06-29 15:21:14 ----D---- C:\Windows\Temp
2009-06-29 14:49:36 ----D---- C:\Windows\system32\drivers
2009-06-29 14:49:35 ----RD---- C:\Program Files (x86)
2009-06-29 14:49:35 ----HD---- C:\ProgramData
2009-06-29 14:47:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-29 12:55:26 ----D---- C:\Windows\System32
2009-06-29 12:55:26 ----D---- C:\Windows\inf
2009-06-29 11:42:16 ----D---- C:\Users\Administrator\AppData\Roaming\Nokia
2009-06-29 11:27:55 ----AD---- C:\Windows
2009-06-29 01:13:25 ----SHD---- C:\System Volume Information
2009-06-29 01:12:52 ----SHD---- C:\Windows\Installer
2009-06-29 01:12:38 ----D---- C:\Program Files (x86)\Common Files
2009-06-29 01:12:36 ----D---- C:\Program Files (x86)\Nokia
2009-06-29 01:12:36 ----D---- C:\Program Files (x86)\Common Files\Nokia
2009-06-29 01:12:25 ----D---- C:\Windows\SysWOW64
2009-06-29 01:08:30 ----D---- C:\ProgramData\Installations
2009-06-28 13:08:07 ----D---- C:\Program Files (x86)\Warcraft III
2009-06-28 11:01:02 ----D---- C:\Users\Administrator\AppData\Roaming\uTorrent
2009-06-27 22:58:36 ----A---- C:\Windows\NeroDigital.ini
2009-06-27 13:28:19 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2009-06-25 07:41:12 ----D---- C:\Users\Administrator\AppData\Roaming\Ahead
2009-06-14 00:00:52 ----RD---- C:\Program Files
2009-06-09 16:04:28 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2009-06-08 20:46:04 ----D---- C:\Program Files (x86)\Adobe
2009-06-08 19:22:29 ----D---- C:\ProgramData\Adobe
2009-05-31 13:57:59 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-05-31 13:33:48 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-05-15 32240]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys []
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys []
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys []
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys []
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 aow9v6qd;aow9v6qd; C:\Windows\system32\drivers\aow9v6qd.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\Lineage II\system\GameGuard\dump_wmimmc.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2008-04-10 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 SaiH0762;SaiH0762; C:\Windows\system32\DRIVERS\SaiH0762.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-01-05 66872]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 SaiDOutput;Saitek DirectOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 168296]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 Apache2.2;Apache2.2; C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-05-18 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-18 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
-----------------EOF-----------------
- jaro3
- Security team member
Re: Please check the log
Download the program OTMoveIt3 (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
and save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: do not use the SELECT ALL function to select them
Code:
:Processes
explorer.exe
:Services
aow9v6qd;aow9v6qd
aow9v6qd
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=-
"ForceActiveDesktopOn"=-
"NoActiveDesktopChanges"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46390791-571d-11de-a523-00215dc18744}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27cc565-d320-11dd-875b-002185529e08}]
:Files
H:\Info.exe
F:\autorun.exe
C:\Windows\system32\drivers\aow9v6qd.sys
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the full contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which will report the results.
- If the files cannot be removed, you may be asked to restart the computer; in that case, confirm the restart.
Do that fix in HJT and then paste a new HJT log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check the log
OTMoveIt3
========== PROCESSES ==========
Unable to kill process: explorer.exe
========== SERVICES/DRIVERS ==========
Service\Driver aow9v6qd;aow9v6qd not found.
Service\Driver aow9v6qd;aow9v6qd not found.
Service\Driver aow9v6qd not found.
Service\Driver aow9v6qd not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\ForceActiveDesktopOn deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46390791-571d-11de-a523-00215dc18744}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27cc565-d320-11dd-875b-002185529e08}\\ deleted successfully.
========== FILES ==========
File/Folder H:\Info.exe not found.
File/Folder F:\autorun.exe not found.
File/Folder C:\Windows\system32\drivers\aow9v6qd.sys not found.
========== COMMANDS ==========
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf scheduled to be deleted on reboot.
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\etilqs_KylKjCeHSyQZF5J0LOXo scheduled to be deleted on reboot.
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\NGLALog.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP000000655F5408D5112494A8 scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTM by OldTimer - Version 2.1.0.1 log created on 06292009_210938
Files moved on Reboot...
C:\Users\ADMINI~1\AppData\Local\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf moved successfully.
File C:\Users\ADMINI~1\AppData\Local\Temp\etilqs_KylKjCeHSyQZF5J0LOXo not found!
C:\Users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ADMINI~1\AppData\Local\Temp\NGLALog.txt moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\Windows\temp\TMP000000655F5408D5112494A8 not found!
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\urlclassifier3.sqlite moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:27, on 29. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 1.20.208.183 d208s183.d208d.tog.sk
O1 - Hosts: 1.20.208.182 d208s182.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d208s24.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d203s24.d203d.grecodata.sk
O1 - Hosts: 81.91.83.14 L2authd.lineage2.com #L2
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com #L2 - GameGuard
O1 - Hosts: 81.91.83.14 l2 #web
O1 - Hosts: 81.91.83.14 Umbrella
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {6348A476-7FCF-4117-9A62-8F916614114C} (DMSelect Control) - http://d208s178.d208d.tog.sk:8901/graph ... Select.cab
O16 - DPF: {70E271D6-D305-11D7-8277-005056201604} (DMUpload Control) - http://d208s178.d208d.tog.sk:8901/graph ... Upload.cab
O16 - DPF: {8007756F-1C6E-430B-A41C-8CBACFEB68D7} (DMRegistry Control) - http://d208s178.d208d.tog.sk:8901/graph ... gistry.cab
O16 - DPF: {A59C68BC-803D-450E-B380-D414C4DB4650} (DMOfficeUpgrade Control) - http://d208s178.d208d.tog.sk:8901/graph ... pgrade.cab
O16 - DPF: {E059429D-2FF9-42EE-88A7-124C258B2D27} (DMDownload Control) - http://d208s178.d208d.tog.sk:8901/graph ... wnload.cab
O16 - DPF: {E73B15C8-64AE-4833-95B3-3432F1A085D7} (DMToolkit Control) - http://d208s178.d208d.tog.sk:8901/graph ... oolkit.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12152 bytes
========== PROCESSES ==========
Unable to kill process: explorer.exe
========== SERVICES/DRIVERS ==========
Service\Driver aow9v6qd;aow9v6qd not found.
Service\Driver aow9v6qd;aow9v6qd not found.
Service\Driver aow9v6qd not found.
Service\Driver aow9v6qd not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\ForceActiveDesktopOn deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46390791-571d-11de-a523-00215dc18744}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27cc565-d320-11dd-875b-002185529e08}\\ deleted successfully.
========== FILES ==========
File/Folder H:\Info.exe not found.
File/Folder F:\autorun.exe not found.
File/Folder C:\Windows\system32\drivers\aow9v6qd.sys not found.
========== COMMANDS ==========
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf scheduled to be deleted on reboot.
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\etilqs_KylKjCeHSyQZF5J0LOXo scheduled to be deleted on reboot.
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\ADMINI~1\AppData\Local\Temp\NGLALog.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP000000655F5408D5112494A8 scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTM by OldTimer - Version 2.1.0.1 log created on 06292009_210938
Files moved on Reboot...
C:\Users\ADMINI~1\AppData\Local\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf moved successfully.
File C:\Users\ADMINI~1\AppData\Local\Temp\etilqs_KylKjCeHSyQZF5J0LOXo not found!
C:\Users\ADMINI~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\ADMINI~1\AppData\Local\Temp\NGLALog.txt moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\Windows\temp\TMP000000655F5408D5112494A8 not found!
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\urlclassifier3.sqlite moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\idaabuoi.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:27, on 29. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 1.20.208.183 d208s183.d208d.tog.sk
O1 - Hosts: 1.20.208.182 d208s182.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d208s24.d208d.tog.sk
O1 - Hosts: 1.20.203.24 d203s24.d203d.grecodata.sk
O1 - Hosts: 81.91.83.14 L2authd.lineage2.com #L2
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com #L2 - GameGuard
O1 - Hosts: 81.91.83.14 l2 #web
O1 - Hosts: 81.91.83.14 Umbrella
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O16 - DPF: {6348A476-7FCF-4117-9A62-8F916614114C} (DMSelect Control) - http://d208s178.d208d.tog.sk:8901/graph ... Select.cab
O16 - DPF: {70E271D6-D305-11D7-8277-005056201604} (DMUpload Control) - http://d208s178.d208d.tog.sk:8901/graph ... Upload.cab
O16 - DPF: {8007756F-1C6E-430B-A41C-8CBACFEB68D7} (DMRegistry Control) - http://d208s178.d208d.tog.sk:8901/graph ... gistry.cab
O16 - DPF: {A59C68BC-803D-450E-B380-D414C4DB4650} (DMOfficeUpgrade Control) - http://d208s178.d208d.tog.sk:8901/graph ... pgrade.cab
O16 - DPF: {E059429D-2FF9-42EE-88A7-124C258B2D27} (DMDownload Control) - http://d208s178.d208d.tog.sk:8901/graph ... wnload.cab
O16 - DPF: {E73B15C8-64AE-4833-95B3-3432F1A085D7} (DMToolkit Control) - http://d208s178.d208d.tog.sk:8901/graph ... oolkit.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12152 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: Please check the log
Have you tried fixing the O1 and O16 items, or do you know them?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus are standing in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check the log
I know those.
- jaro3
Re: Please check the log
So you can fix the unnecessary items:
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
Clean the system with CCleaner.
There should be no infection left there now; try the updates and let us know, say, tomorrow. Or try it manually.
Re: Please check the log
This one can't be deleted:
O1 - Hosts: ::1 localhost
Should I do it manually from the hosts file?
- jaro3
Re: Please check the log
You can leave it; then try the updates tomorrow.