Preventive check, thanks!

Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Preventive check, thanks!

#1 Post by Larsnip »

Hello, I would like to ask for a preventive check of my LOG. The PC seems to be OK; I just don't know what to do about an error message (send error report / don't send) that pops up out of nowhere about twice a day. It is the message called Generic Host Process for Win 32 Services, and as a result my sound stops working. Only a restart helps. It occurred to me that some malware might be causing it, because the only other solution I can think of is a reinstall.
Thank you.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Romča at 2013-03-13 22:19:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 68 GB (30%) free of 226 GB
Total RAM: 2047 MB (53% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1500820517-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1500820517-839522115-1003UA.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1500820517-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1500820517-839522115-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1500820517-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1500820517-839522115-1006.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-04-27 169392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-31 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-31 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe [2004-04-17 196608]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112]
"RivaTunerStartupDaemon"=I:\RivaTuner v2.11\RivaTuner v2.23\RivaTuner.exe [2009-02-15 2777088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe [2009-07-16 2799024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-10 2254768]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

C:\Documents and Settings\Romča\Nabídka Start\Programy\Po spuštění
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ASUS\GamerOSD\GamerOSD.exe"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe:*:Enabled:ASUS GamerOSD"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\Boiling Point\Boiling Point\XENUS.EXE"="E:\Games\Boiling Point\Boiling Point\XENUS.EXE:*:Disabled:XENUS"
"E:\Games\The Club\Launcher.exe"="E:\Games\The Club\Launcher.exe:*:Enabled:The Club Launcher"
"E:\Games\The Club\TheClub.exe"="E:\Games\The Club\TheClub.exe:*:Enabled:The Club"
"E:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="E:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"E:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="E:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\America's Army\System\ArmyOps.exe"="E:\Games\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\Games\Test Drive Unlimited\TestDriveUnlimited.exe"="E:\Games\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"E:\Games\Call of Duty 2\CoD2MP_s.exe"="E:\Games\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"E:\Games\Activision\Call of Duty 4\iw3mp.exe"="E:\Games\Activision\Call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"E:\Games\Call of Juarez\CoJ.exe"="E:\Games\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"
"E:\Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="E:\Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"E:\Games\Pro Evolution Soccer 2009\pes2009.exe"="E:\Games\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Games\Activision\Call of Duty - World at War\CoDWaW.exe"="E:\Games\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"E:\Games\Activision\Call of Duty - World at War\CoDWaWmp.exe"="E:\Games\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"E:\Games\FPSCORE Metro\FPSCORE Metro\fpscore.exe"="E:\Games\FPSCORE Metro\FPSCORE Metro\fpscore.exe:*:Enabled:fpscore"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\Games\Bohemia Interactive\ArmA\ArmA\arma.exe"="E:\Games\Bohemia Interactive\ArmA\ArmA\arma.exe:*:Enabled:ArmA"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Altitude\altitude.exe"="C:\Program Files\Altitude\altitude.exe:*:Enabled:altitude"
"E:\left 4 death\Left.4.Dead.Full-Rip.Up.By.0wn3R\Left 4 Dead\left4dead.exe"="E:\left 4 death\Left.4.Dead.Full-Rip.Up.By.0wn3R\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\Games\Prototype\prototypef.exe"="E:\Games\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Data aplikací\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"E:\Games\Combat arms eu\Combat Arms EU\CombatArms.exe"="E:\Games\Combat arms eu\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Games\Combat arms eu\Combat Arms EU\Engine.exe"="E:\Games\Combat arms eu\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"E:\Games\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe"="E:\Games\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Games\Medal of Honor MP Beta\MoHMPUpdater.exe"="E:\Games\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta"
"E:\Games\Medal of Honor MP Open Beta\MoHMPUpdater.exe"="E:\Games\Medal of Honor MP Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe"="E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"E:\Games\Assassin's Creed II\AssassinsCreedII.exe"="E:\Games\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"E:\Games\Assassin's Creed II\UPlayBrowser.exe"="E:\Games\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Games\Crysis 2 Demo\bin32\Crysis2Launcher.exe"="E:\Games\Crysis 2 Demo\bin32\Crysis2Launcher.exe:*:Enabled:Crysis® 2 Demo"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe:*:Enabled:Sunbelt Firewall Service"
"E:\Games\APB Reloaded\Binaries\APB.exe"="E:\Games\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe"
"E:\Games\APB Reloaded\Binaries\VivoxVoiceService.exe"="E:\Games\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe"
"E:\Games\ArmA 2 Free\Bohemia Interactive\arma2free.exe"="E:\Games\ArmA 2 Free\Bohemia Interactive\arma2free.exe:*:Enabled:ArmA 2 Free"
"C:\Documents and Settings\Romča\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\Romča\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface"
"E:\Games\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"="E:\Games\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum"
"H:\Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe"="H:\Games\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe:*:Enabled:Batman: Arkham City™ GOTY"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"I:\Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="I:\Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"I:\Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="I:\Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Games\Combat arms eu\Combat Arms EU\CombatArms.exe"="E:\Games\Combat arms eu\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"E:\Games\Combat arms eu\Combat Arms EU\Engine.exe"="E:\Games\Combat arms eu\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{059f2b48-baae-11e1-bbab-00221599ace1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f795494-8c86-11e1-bb49-00221599ace1}]
shell\AutoRun\command - H:\RunClubSanDisk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{346ebc4a-969c-11e1-bb5e-00221599ace1}]
shell\AutoRun\command - H:\Samsung_Drive_Manager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd023f46-0f4d-11df-b6a9-00221599ace1}]
shell\AutoRun\command - H:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1345db6-8860-11e0-b963-00221599ace1}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2013-03-08 19:34:57 ----D---- C:\Program Files\Mozilla Firefox
2013-03-07 21:17:23 ----D---- C:\Documents and Settings\Romča\Data aplikací\MyPhoneExplorer
2013-03-07 21:17:18 ----D---- C:\Program Files\MyPhoneExplorer
2013-03-06 20:07:11 ----D---- C:\Program Files\Windows Mobile Developer Power Toys
2013-03-06 20:05:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-03-06 20:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB894476$
2013-03-06 20:05:10 ----D---- C:\Program Files\Microsoft ActiveSync

======List of files/folders modified in the last 1 months======

2013-03-13 22:19:57 ----D---- C:\Program Files\trend micro
2013-03-13 22:10:30 ----D---- C:\Documents and Settings\Romča\Data aplikací\Skype
2013-03-13 22:07:41 ----D---- C:\WINDOWS\Temp
2013-03-13 21:28:22 ----D---- C:\WINDOWS\Prefetch
2013-03-13 20:19:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-03-13 18:06:12 ----D---- C:\Program Files\SpeedFan
2013-03-13 17:06:06 ----D---- C:\Documents and Settings\Romča\Data aplikací\skypePM
2013-03-12 20:38:04 ----D---- C:\WINDOWS
2013-03-12 19:22:42 ----D---- C:\WINDOWS\system32
2013-03-12 19:22:41 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-03-08 23:19:06 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-03-08 23:17:28 ----SH---- C:\boot.ini
2013-03-08 23:17:28 ----A---- C:\WINDOWS\win.ini
2013-03-08 23:17:28 ----A---- C:\WINDOWS\system.ini
2013-03-08 22:23:58 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2013-03-08 22:20:47 ----RD---- C:\Program Files
2013-03-07 22:50:52 ----D---- C:\WINDOWS\system32\CatRoot2
2013-03-06 20:07:13 ----SHD---- C:\WINDOWS\Installer
2013-03-06 20:07:13 ----D---- C:\Config.Msi
2013-03-06 20:06:40 ----HD---- C:\WINDOWS\inf
2013-03-06 20:05:11 ----D---- C:\WINDOWS\Help
2013-03-06 20:05:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-03-06 14:36:58 ----D---- C:\Documents and Settings\Romča\Data aplikací\DMCache
2013-03-03 13:32:46 ----D---- C:\Steam
2013-02-22 21:34:06 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-02-21 23:12:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-02-21 00:27:13 ----D---- C:\Documents and Settings\Romča\Data aplikací\uTorrent
2013-02-20 17:35:25 ----D---- C:\Documents and Settings\Romča\Data aplikací\Vso

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2008-05-28 11136]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-10-03 44704]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2010-03-19 46632]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-09-22 47360]
R3 RivaTuner32;RivaTuner32; \??\I:\RivaTuner v2.11\RivaTuner v2.23\RivaTuner32.sys []
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-08-20 26112]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2008-05-28 10752]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2010-04-28 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2010-04-28 66632]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a44th99k;a44th99k; C:\WINDOWS\system32\drivers\a44th99k.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2008-05-28 12416]
S3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver; C:\WINDOWS\system32\drivers\CamSpaceBus.sys [2008-08-24 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver; C:\WINDOWS\system32\drivers\CamSpaceJoy.sys [2008-08-24 30464]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\ROMA~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Classic\safedrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PAC207;i-Look 110; C:\WINDOWS\system32\DRIVERS\PFC027.SYS []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2010-04-28 31816]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2010-04-28 15048]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2008-05-28 262144]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2010-10-13 1677096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-31 153376]
R2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011; E:\Inventor2011\Moldflow\bin\mitsijm.exe [2010-01-23 462336]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-05-18 76888]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-12 253656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-04-24 1045256]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-07 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#2 Post by Rudy »

Hello!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup a screen with the license terms is displayed; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to run any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because scanning and deleting any malware leads to unwanted conflicts with the antispyware's resident component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Re: Preventive check, thanks!

#3 Post by Larsnip »

Thanks for the reply!

ComboFix log:


ComboFix 13-03-14.02 - Romča 14.03.2013 22:52:17.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1284 [GMT 1:00]
Spuštěný z: c:\documents and settings\RomŔa\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ROMA~1\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\ROMA~1\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Romča\Data aplikací\DVDSubEditLastFile0.txt
c:\documents and settings\Romča\Local Settings\temp\sfamcc00001.dll
c:\documents and settings\Romča\Local Settings\temp\sfareca00001.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\msmqinst.log
c:\windows\system32\tmp1B4.tmp
c:\windows\system32\tmp1B5.tmp
c:\windows\system32\tmp20D.tmp
c:\windows\system32\tmp20E.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-14 do 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\documents and settings\Romča\Data aplikací\MyPhoneExplorer
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\program files\MyPhoneExplorer
2013-03-06 19:07 . 2013-03-06 19:08 -------- d-----w- c:\program files\Windows Mobile Developer Power Toys
2013-03-06 19:05 . 2013-03-06 19:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Plocha
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2013-02-21 22:43 . 2013-02-21 22:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 20:09 . 2008-11-25 20:21 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2013-03-12 18:22 . 2012-06-09 16:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 18:22 . 2011-09-27 21:37 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 21:24 . 2008-11-26 19:47 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-08 21:23 . 2009-03-24 20:29 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-08 21:23 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-02-26 21:15 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-08 18:35 . 2013-03-08 18:34 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 196608]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"RivaTunerStartupDaemon"="i:\rivatuner v2.11\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Romča\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2012-9-12 4679672]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [N/A]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-07-16 20:42 2799024 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\Activision\\Call of Duty 4\\iw3mp.exe"=
"e:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\left 4 death\\Left.4.Dead.Full-Rip.Up.By.0wn3R\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Games\\Prototype\\prototypef.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"e:\\Games\\ArmA 2 Free\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"i:\\Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9495:TCP"= 9495:TCP:BitComet 9495 TCP
"9495:UDP"= 9495:UDP:BitComet 9495 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58511:TCP"= 58511:TCP:Pando Media Booster
"58511:UDP"= 58511:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2.10.2012 23:14 161640]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2008 20:21 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.7.2011 14:57 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 16:06 361032]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.11.2008 16:06 21256]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [13.10.2010 19:51 1677096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10.12.2012 17:29 1435568]
R2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;e:\inventor2011\Moldflow\bin\mitsijm.exe [23.1.2010 7:12 462336]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.12.2012 20:53 3560800]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6.2.2009 19:42 47360]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [24.8.2008 12:55 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [24.8.2008 12:55 30464]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [?]
S3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:22]
.
2013-03-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:50]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:57]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Romča\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\
FF - prefs.js: browser.startup.homepage - stahuj.cz
FF - ExtSQL: 2013-03-14 16:53; firefox@mega.co.nz; c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\extensions\firefox@mega.co.nz.xpi
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1 - h:\games\World_of_Warplanes\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,99,c9,47,de,82,cb,ac,76,97,09,de,31,fa,19,c7,09,be,44,e9,b1,03,6f,
4e,c3,2d,cf,b0,4e,9c,30,3f,5c,a8,09,6f,42,65,f6,38,19,ad,2d,fd,f7,1e,02,0f,\
"??"=hex:cb,d1,2f,38,60,0f,c0,e0,9a,0c,03,aa,c1,47,8a,b1
.
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:24,3c,f6,53,3b,ff,83,f5,ca,48,e6,0d,cd,ad,71,13,ae,bf,99,e9,6f,
c8,2d,d7,b4,a6,2f,b5,ff,25,09,0d,e7,a8,bb,53,c0,b3,90,ba,1d,4c,04,5a,35,c9,\
"rkeysecu"=hex:26,d8,7e,0a,d9,45,e6,06,90,62,08,75,fc,2f,b1,87
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a986b29-d712-476b-bb29-513cfc22a416}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013c
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,3b,76,fc,3c,a2,d5,15,16,44,c5,0c,5b,50,df,25,65,09,f6,e1,69,
4f,99,d2,03,1f,d9,ab,fa,f4,92,cc,89,d6,da,6e,45,e7,33,e0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5d,fd,fe,fc,15,f5,53,27,27,f9,e9,ae,72,4c,cf,ce,28,95,bc,54,29,
f0,56,fd,89,5e,d8,72,2a,3c,fd,af,31,25,d5,b7,8b,9a,bf,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{921db969-142d-45f7-bce3-fc41634edb8f}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1516)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
e:\inventor2011\Bin\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-03-14 23:03:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-14 22:02
.
Před spuštěním: Volných bajtů: 69 684 494 336
Po spuštění: Volných bajtů: 73 589 796 864
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 68DF07180C03A1830C01F34963485969

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#4 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Regnull::
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a986b29-d712-476b-bb29-513cfc22a416}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{921db969-142d-45f7-bce3-fc41634edb8f}]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Re: Preventive check, thanks!

#5 Post by Larsnip »

Cleanup done, thanks; I hope it also helped with those error messages ;-).

ComboFix produced another log:

ComboFix 13-03-14.02 - Romča 15.03.2013 22:49:00.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1325 [GMT 1:00]
Spuštěný z: c:\documents and settings\RomŔa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\RomŔa\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ROMA~1\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\ROMA~1\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Romča\Local Settings\temp\sfamcc00001.dll
c:\documents and settings\Romča\Local Settings\temp\sfareca00001.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-15 do 2013-03-15 )))))))))))))))))))))))))))))))
.
.
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\documents and settings\Romča\Data aplikací\MyPhoneExplorer
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\program files\MyPhoneExplorer
2013-03-06 19:07 . 2013-03-06 19:08 -------- d-----w- c:\program files\Windows Mobile Developer Power Toys
2013-03-06 19:05 . 2013-03-06 19:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Plocha
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2013-02-21 22:43 . 2013-02-21 22:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 20:09 . 2008-11-25 20:21 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2013-03-12 18:22 . 2012-06-09 16:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 18:22 . 2011-09-27 21:37 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 21:24 . 2008-11-26 19:47 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-08 21:23 . 2009-03-24 20:29 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-08 21:23 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-02-26 21:15 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-08 18:35 . 2013-03-08 18:34 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 196608]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"RivaTunerStartupDaemon"="i:\rivatuner v2.11\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Romča\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2012-9-12 4679672]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [N/A]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-07-16 20:42 2799024 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\Activision\\Call of Duty 4\\iw3mp.exe"=
"e:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\left 4 death\\Left.4.Dead.Full-Rip.Up.By.0wn3R\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Games\\Prototype\\prototypef.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"e:\\Games\\ArmA 2 Free\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"i:\\Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9495:TCP"= 9495:TCP:BitComet 9495 TCP
"9495:UDP"= 9495:UDP:BitComet 9495 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58511:TCP"= 58511:TCP:Pando Media Booster
"58511:UDP"= 58511:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2.10.2012 23:14 161640]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2008 20:21 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.7.2011 14:57 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 16:06 361032]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.11.2008 16:06 21256]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [13.10.2010 19:51 1677096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10.12.2012 17:29 1435568]
R2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;e:\inventor2011\Moldflow\bin\mitsijm.exe [23.1.2010 7:12 462336]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.12.2012 20:53 3560800]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6.2.2009 19:42 47360]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [24.8.2008 12:55 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [24.8.2008 12:55 30464]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [?]
S3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:22]
.
2013-03-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:50]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:57]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Romča\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\
FF - prefs.js: browser.startup.homepage - stahuj.cz
FF - ExtSQL: 2013-03-14 16:53; firefox@mega.co.nz; c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\extensions\firefox@mega.co.nz.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-15 22:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,99,c9,47,de,82,cb,ac,76,97,09,de,31,fa,19,c7,09,be,44,e9,b1,03,6f,
4e,c3,2d,cf,b0,4e,9c,30,3f,5c,a8,09,6f,42,65,f6,38,19,ad,2d,fd,f7,1e,02,0f,\
"??"=hex:cb,d1,2f,38,60,0f,c0,e0,9a,0c,03,aa,c1,47,8a,b1
.
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:24,3c,f6,53,3b,ff,83,f5,ca,48,e6,0d,cd,ad,71,13,ae,bf,99,e9,6f,
c8,2d,d7,b4,a6,2f,b5,ff,25,09,0d,e7,a8,bb,53,c0,b3,90,ba,1d,4c,04,5a,35,c9,\
"rkeysecu"=hex:26,d8,7e,0a,d9,45,e6,06,90,62,08,75,fc,2f,b1,87
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a986b29-d712-476b-bb29-513cfc22a416}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013c
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,3b,76,fc,3c,a2,d5,15,16,44,c5,0c,5b,50,df,25,65,09,f6,e1,69,
4f,99,d2,03,1f,d9,ab,fa,f4,92,cc,89,d6,da,6e,45,e7,33,e0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5d,fd,fe,fc,15,f5,53,27,27,f9,e9,ae,72,4c,cf,ce,28,95,bc,54,29,
f0,56,fd,89,5e,d8,72,2a,3c,fd,af,31,25,d5,b7,8b,9a,bf,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{921db969-142d-45f7-bce3-fc41634edb8f}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
e:\inventor2011\Bin\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-03-15 23:01:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-15 22:01
ComboFix2.txt 2013-03-14 22:03
.
Před spuštěním: Volných bajtů: 73 318 273 024
Po spuštění: Volných bajtů: 73 295 147 008
.
- - End Of File - - F291114F6101FF524566221CA494BBCB

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#6 Post by Rudy »

The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Re: Preventive check, thanks!

#7 Post by Larsnip »

Thank you for the help with cleaning the malware off the PC, but the error message still pops up now and then, so I won't avoid a reinstall anyway :?:

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#8 Post by Rudy »

Please also post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start-up a screen with the license terms appears; continue by clicking the Ano (Yes) button.

go and make yourself a coffee in peace (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the antispyware's resident component

Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Re: Preventive check, thanks!

#9 Post by Larsnip »

Thanks for your time. I have now run ComboFix after the error message, because of which the sound stops working every time.

ComboFix 13-03-17.01 - Romča 17.03.2013 17:09:06.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1252 [GMT 1:00]
Spuštěný z: c:\documents and settings\Romča\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ROMA~1\LOCALS~1\Temp\sfamcc00001.dll
c:\docume~1\ROMA~1\LOCALS~1\Temp\sfareca00001.dll
c:\documents and settings\Romča\Local Settings\temp\sfamcc00001.dll
c:\documents and settings\Romča\Local Settings\temp\sfareca00001.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-17 do 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\documents and settings\Romča\Data aplikací\MyPhoneExplorer
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\program files\MyPhoneExplorer
2013-03-06 19:07 . 2013-03-06 19:08 -------- d-----w- c:\program files\Windows Mobile Developer Power Toys
2013-03-06 19:05 . 2013-03-06 19:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Plocha
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2013-02-21 22:43 . 2013-02-21 22:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 21:32 . 2008-11-25 20:21 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2013-03-16 20:48 . 2008-11-26 19:47 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-16 20:48 . 2009-03-24 20:29 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-16 20:48 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-12 18:22 . 2012-06-09 16:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 18:22 . 2011-09-27 21:37 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 21:23 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-08 18:35 . 2013-03-08 18:34 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 196608]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"RivaTunerStartupDaemon"="i:\rivatuner v2.11\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Romča\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2012-9-12 4679672]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [N/A]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-07-16 20:42 2799024 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\Activision\\Call of Duty 4\\iw3mp.exe"=
"e:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\left 4 death\\Left.4.Dead.Full-Rip.Up.By.0wn3R\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Games\\Prototype\\prototypef.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"e:\\Games\\ArmA 2 Free\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"i:\\Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9495:TCP"= 9495:TCP:BitComet 9495 TCP
"9495:UDP"= 9495:UDP:BitComet 9495 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58511:TCP"= 58511:TCP:Pando Media Booster
"58511:UDP"= 58511:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2.10.2012 23:14 161640]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2008 20:21 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.7.2011 14:57 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 16:06 361032]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.11.2008 16:06 21256]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [13.10.2010 19:51 1677096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10.12.2012 17:29 1435568]
R2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;e:\inventor2011\Moldflow\bin\mitsijm.exe [23.1.2010 7:12 462336]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.12.2012 20:53 3560800]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6.2.2009 19:42 47360]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [24.8.2008 12:55 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [24.8.2008 12:55 30464]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [?]
S3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:22]
.
2013-03-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:50]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:57]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-07 21:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Romča\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\
FF - prefs.js: browser.startup.homepage - stahuj.cz
FF - ExtSQL: 2013-03-14 16:53; firefox@mega.co.nz; c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\extensions\firefox@mega.co.nz.xpi
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-17 17:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,99,c9,47,de,82,cb,ac,76,97,09,de,31,fa,19,c7,09,be,44,e9,b1,03,6f,
4e,c3,2d,cf,b0,4e,9c,30,3f,5c,a8,09,6f,42,65,f6,38,19,ad,2d,fd,f7,1e,02,0f,\
"??"=hex:cb,d1,2f,38,60,0f,c0,e0,9a,0c,03,aa,c1,47,8a,b1
.
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:24,3c,f6,53,3b,ff,83,f5,ca,48,e6,0d,cd,ad,71,13,ae,bf,99,e9,6f,
c8,2d,d7,b4,a6,2f,b5,ff,25,09,0d,e7,a8,bb,53,c0,b3,90,ba,1d,4c,04,5a,35,c9,\
"rkeysecu"=hex:26,d8,7e,0a,d9,45,e6,06,90,62,08,75,fc,2f,b1,87
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a986b29-d712-476b-bb29-513cfc22a416}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013c
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):63,3b,76,fc,3c,a2,d5,15,16,44,c5,0c,5b,50,df,25,65,09,f6,e1,69,
4f,99,d2,03,1f,d9,ab,fa,f4,92,cc,89,d6,da,6e,45,e7,33,e0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5d,fd,fe,fc,15,f5,53,27,27,f9,e9,ae,72,4c,cf,ce,28,95,bc,54,29,
f0,56,fd,89,5e,d8,72,2a,3c,fd,af,31,25,d5,b7,8b,9a,bf,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{921db969-142d-45f7-bce3-fc41634edb8f}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c1
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(260)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
e:\inventor2011\Bin\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\ATKKBService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-03-17 17:22:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-17 16:22
ComboFix2.txt 2013-03-15 22:01
ComboFix3.txt 2013-03-14 22:03
.
Před spuštěním: Volných bajtů: 73 381 965 824
Po spuštění: Volných bajtů: 73 487 704 064
.
- - End Of File - - A5A09834946824AC7B51C418F545AA83

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#10 Post by Rudy »

We'll do a bit more cleanup. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Regnull::
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-606747145-1500820517-839522115-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3a986b29-d712-476b-bb29-513cfc22a416}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{921db969-142d-45f7-bce3-fc41634edb8f}]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Re: Preventive check, thanks!

#11 Post by Larsnip »

So hopefully this will be the last one :-)
here is one more log:

ComboFix 13-03-17.01 - Romča 17.03.2013 20:42:54.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1338 [GMT 1:00]
Spuštěný z: c:\documents and settings\Romča\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Romča\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-17 do 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-17 19:53 . 2013-03-17 19:53 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-03-17 19:53 . 2013-03-17 19:53 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-03-17 19:53 . 2013-03-17 19:53 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-03-17 19:53 . 2013-03-17 19:53 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-03-17 19:53 . 2013-03-17 19:53 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-03-17 19:53 . 2013-03-17 19:53 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-03-17 19:53 . 2013-03-17 19:53 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-03-17 19:53 . 2013-03-17 19:53 1651 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-03-17 19:53 . 2013-03-17 19:53 8288 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-03-17 19:53 . 2013-03-17 19:53 6910 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-03-17 19:53 . 2013-03-17 19:53 6208 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-03-17 19:53 . 2013-03-17 19:53 18541 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-03-17 19:52 . 2013-03-17 19:52 51852 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-03-17 19:52 . 2013-03-17 19:52 8782 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-03-17 19:52 . 2013-03-17 19:52 7271 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-03-17 19:52 . 2013-03-17 19:52 23327 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-03-17 19:52 . 2013-03-17 19:52 20719 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\documents and settings\Romča\Data aplikací\MyPhoneExplorer
2013-03-07 20:17 . 2013-03-07 20:17 -------- d-----w- c:\program files\MyPhoneExplorer
2013-03-06 19:07 . 2013-03-06 19:08 -------- d-----w- c:\program files\Windows Mobile Developer Power Toys
2013-03-06 19:05 . 2013-03-06 19:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Plocha
2013-03-01 21:36 . 2013-03-01 21:36 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2013-02-21 22:43 . 2013-02-21 22:43 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 21:32 . 2008-11-25 20:21 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2013-03-16 20:48 . 2008-11-26 19:47 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-16 20:48 . 2009-03-24 20:29 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-16 20:48 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-12 18:22 . 2012-06-09 16:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 18:22 . 2011-09-27 21:37 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 21:23 . 2008-11-26 19:47 282296 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-08 18:35 . 2013-03-08 18:34 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-04-17 196608]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
"RivaTunerStartupDaemon"="i:\rivatuner v2.11\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Romča\Nabídka Start\Programy\Po spuštění\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2012-9-12 4679672]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [N/A]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:50 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-07-16 20:42 2799024 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Games\\Activision\\Call of Duty 4\\iw3mp.exe"=
"e:\\Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"e:\\left 4 death\\Left.4.Dead.Full-Rip.Up.By.0wn3R\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\Games\\Prototype\\prototypef.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"e:\\Games\\ArmA 2 Free\\Bohemia Interactive\\arma2free.exe"=
"e:\\Games\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"i:\\Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
"i:\\Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9495:TCP"= 9495:TCP:BitComet 9495 TCP
"9495:UDP"= 9495:UDP:BitComet 9495 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58511:TCP"= 58511:TCP:Pando Media Booster
"58511:UDP"= 58511:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2.10.2012 23:14 161640]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.11.2008 20:21 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.7.2011 14:57 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26.11.2008 16:06 361032]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.11.2008 16:06 21256]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [13.10.2010 19:51 1677096]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10.12.2012 17:29 1435568]
R2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;e:\inventor2011\Moldflow\bin\mitsijm.exe [23.1.2010 7:12 462336]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.12.2012 20:53 3560800]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6.2.2009 19:42 47360]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [24.8.2008 12:55 14848]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [24.8.2008 12:55 30464]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [?]
S3 PAC207;i-Look 110;c:\windows\system32\DRIVERS\PFC027.SYS --> c:\windows\system32\DRIVERS\PFC027.SYS [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:22]
.
2013-03-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Romča\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\
FF - prefs.js: browser.startup.homepage - stahuj.cz
FF - ExtSQL: 2013-03-14 16:53; firefox@mega.co.nz; c:\documents and settings\Romča\Data aplikací\Mozilla\Firefox\Profiles\7d9b3rxb.default\extensions\firefox@mega.co.nz.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-17 20:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3488)
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
e:\inventor2011\Bin\AcSignCore16.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2013-03-17 20:55:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-17 19:55
ComboFix2.txt 2013-03-17 16:22
ComboFix3.txt 2013-03-15 22:01
ComboFix4.txt 2013-03-14 22:03
.
Před spuštěním: Volných bajtů: 73 492 500 480
Po spuštění: Volných bajtů: 73 474 232 320
.
- - End Of File - - F78F895EB894F992CEA2057E404F2E1A

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#12 Post by Rudy »

The log is now OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Larsnip
Visitor
Posts: 32
Registered: 07 Oct 2008 15:46

Re: Preventive check, thanks!

#13 Post by Larsnip »

Thanks again for the help ;-)

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check, thanks!

#14 Post by Rudy »

You're welcome!

Locked