Váš počítač byl zablokován + ovladače

[Jenda66]

Zdravím,
omlouvám se, že Vás ruším, ale dostal jsem se do pěkné kaše. Dneska se mi podařilo prokliknout na stránku, kde Avast zahlásil trojský kůň, a okamžik na to jsem měl počítač zablokován Policií ČR. Vir jsem smazal z nouzového režimu pomocí roguekiller. Nyní už se tedy dostanu do Windows XP normální cestou, ale problém je v tom, že nejde zvuk, síťové připojení vůbec nereaguje (všechna jsou pryč), avast odmítá naskočit do normálního režimu a je stále vypnutý. Celkově mi připadá, že mi chybí ovladače, ale jistý si tím vůbec nejsem. Po čištění aplikací roguekiller jsem použil pouze CCleaner na vyčištění registrů. Zasílám log z RSIT a budu doufat, že to nějak půjde opravit. Děkuji Vám!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jenda at 2013-03-14 19:19:30
WIN_XP Service Pack 3
System drive E: has 330 GB (69%) free of 476 GB
Total RAM: 3036 MB (88% free)

HijackThis download failed

======Scheduled tasks folder======

E:\WINDOWS\tasks\avast! Emergency Update.job

=========Mozilla firefox=========

ProfilePath - E:\Documents and Settings\Jenda\Data aplikací\Mozilla\Firefox\Profiles\280igl9w.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, illimitux@illimitux.net:4.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

"{20a82645-c095-46ed-80e3-08825760534b}"=E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=E:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=E:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=E:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=e:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=E:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=E:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=E:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

E:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files\Mozilla Firefox\plugins\
exeImagine.IMD
npImagine.dll
nppdf32.dll

E:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

E:\Documents and Settings\Jenda\Data aplikací\Mozilla\Firefox\Profiles\280igl9w.default\extensions\
illimitux@illimitux.net
{20a82645-c095-46ed-80e3-08825760534b}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\CommonFiles\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - E:\Program Files\Java\jre7\bin\ssv.dll [2012-05-09 453064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - E:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - E:\Program Files\CommonFiles\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-05-09 157640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - E:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"=E:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-03-10 506936]
"SoundMAXPnP"=E:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-01-16 1044480]
"Samsung PanelMgr"=E:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2011-07-06 688128]
"QlbCtrl.exe"=E:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2010-02-25 287800]
"MSConfig"=E:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
E:\Program Files\CommonFiles\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
E:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-10-30 4297136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Jenda^Nabídka Start^Programy^Po spuštění^runctf.lnk]
e:\docume~1\jenda\3160316.dll [2013-03-14 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2009-02-03 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-08 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\QIP\qip.exe"="E:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\WINDOWS\system32\dplaysvr.exe"="E:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\Program Files\TmNationsForever\TmForever.exe"="E:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe"="E:\Program Files\Samsung\Samsung Universal Scan Driver\USDAgent.exe:*:Enabled:USDAgent"
"E:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe"="E:\Program Files\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe:*:Enabled:ICCUpdater"
"E:\Documents and Settings\Jenda\Plocha\Games\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"="E:\Documents and Settings\Jenda\Plocha\Games\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"E:\Documents and Settings\Jenda\Plocha\Games\Microsoft Games\Age of Empires II\empires2.exe"="E:\Documents and Settings\Jenda\Plocha\Games\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"E:\Program Files\Valve\hl.exe"="E:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\EA Sports\NHL 09\nhl2009.exe"="E:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"E:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="E:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"E:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Documents and Settings\Jenda\Local Settings\Data aplikací\Microsoft\Age of Empires Online\Spartan.exe"="E:\Documents and Settings\Jenda\Local Settings\Data aplikací\Microsoft\Age of Empires Online\Spartan.exe:*:Enabled:Age of Empires Online"
"E:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe"="E:\Program Files\Ubisoft\IL-2 Sturmovik 1946\il2fb.exe:*:Enabled:il2fb"
"E:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="E:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"E:\Documents and Settings\Jenda\Plocha\COD 2\CoD2MP_s.exe"="E:\Documents and Settings\Jenda\Plocha\COD 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Documents and Settings\Jenda\Plocha\Games\COD 2\CoD2MP_s.exe"="E:\Documents and Settings\Jenda\Plocha\Games\COD 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\Documents and Settings\Jenda\Plocha\Data\COD 2\CoD2MP_s.exe"="E:\Documents and Settings\Jenda\Plocha\Data\COD 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"E:\WINDOWS\system32\javaw.exe"="E:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\SAS\SAS Learning Edition 4.1\sas.exe"="E:\Program Files\SAS\SAS Learning Edition 4.1\sas.exe:*:Enabled:SAS 9.1 for Windows"
"E:\Documents and Settings\Jenda\Plocha\rollcage\Rollcage\Direct3D\Rollcage.exe"="E:\Documents and Settings\Jenda\Plocha\rollcage\Rollcage\Direct3D\Rollcage.exe:*:Enabled:Rollcage Main Game Executable"
"E:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="E:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=E:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=E:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2013-03-14 19:19:30 ----D---- E:\Program Files\trend micro
2013-03-14 18:25:22 ----A---- E:\Documents and Settings\All Users\Data aplikací\6130613.js
2013-03-14 17:46:10 ----A---- E:\WINDOWS\ntbtlog.txt
2013-03-09 11:57:10 ----D---- E:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-03-14 19:19:30 ----RD---- E:\Program Files
2013-03-14 19:17:48 ----A---- E:\WINDOWS\NeroDigital.ini
2013-03-14 19:10:39 ----A---- E:\WINDOWS\win.ini
2013-03-14 19:10:39 ----A---- E:\WINDOWS\system.ini
2013-03-14 19:09:08 ----A---- E:\Documents and Settings\All Users\Data aplikací\HPWALog.txt
2013-03-14 18:56:39 ----D---- E:\WINDOWS\pss
2013-03-14 18:47:47 ----D---- E:\WINDOWS\system32\drivers
2013-03-14 18:14:21 ----D---- E:\WINDOWS\temp
2013-03-14 18:14:18 ----D---- E:\WINDOWS\system32\ias
2013-03-14 18:05:13 ----A---- E:\WINDOWS\SchedLgU.Txt
2013-03-14 17:46:10 ----D---- E:\WINDOWS
2013-03-14 17:35:21 ----D---- E:\WINDOWS\Prefetch
2013-03-13 15:32:47 ----D---- E:\WINDOWS\system32
2013-03-11 00:47:44 ----D---- E:\WINDOWS\system32\CatRoot2
2013-03-10 21:27:50 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2013-03-09 14:43:11 ----D---- E:\Program Files\Mozilla Maintenance Service
2013-03-06 21:51:25 ----D---- E:\Documents and Settings\Jenda\Data aplikací\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 SFAUDIO;Sonic Focus DSP Driver; E:\WINDOWS\system32\drivers\sfaudio.sys [2008-03-28 24064]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2010-08-14 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]
R1 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2012-10-30 35928]
R1 aswSnx;aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]
R1 intelppm;Řadič procesoru Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; E:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; E:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-01-16 339456]
R3 AEAudio;AE Audio Service; E:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; E:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; E:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; E:\WINDOWS\system32\DRIVERS\btport.sys [2009-01-14 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; E:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-01-14 991656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; E:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2010-02-25 16768]
R3 mouhid;Ovladač myši standardu HID; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; E:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; E:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; E:\WINDOWS\system32\DRIVERS\yk51x86.sys [2012-01-25 299424]
S1 kbdhid;Ovladač klávesnice standardu HID; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;DgiVecp; \??\E:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\E:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; E:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-08-26 1735296]
S3 btaudio;Zvukové zařízení Bluetooth; E:\WINDOWS\system32\drivers\btaudio.sys [2009-01-14 534568]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; E:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-01-14 156816]
S3 btwhid;btwhid; E:\WINDOWS\system32\DRIVERS\btwhid.sys [2009-01-14 57384]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; E:\WINDOWS\System32\Drivers\btwusb.sys [2009-01-14 47272]
S3 catchme;catchme; \??\E:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi;Hamachi Network Interface; E:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\E:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\E:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\E:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\E:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\E:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\E:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; E:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; E:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; E:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; E:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; E:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usb_rndisx;Adaptér USB RNDIS; E:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; E:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; E:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); E:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WinUSB;Sony sa0102 ADB Interface; E:\WINDOWS\system32\DRIVERS\WinUSB.sys [2009-07-13 34944]
S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-08-08 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S4 AgereModemAudio;Agere Modem Call Progress Audio; E:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
S4 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S4 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2009-02-03 602112]
S4 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-10-30 44808]
S4 btwdins;Bluetooth Service; E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-12-11 346720]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S4 Com4QLBEx;Com4QLBEx; E:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 hpqwmiex;hpqwmiex; E:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S4 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; E:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S4 MozillaMaintenance;Mozilla Maintenance Service; E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-09 115608]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; E:\Program Files\CommonFiles\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 osppsvc;Office Software Protection Platform; E:\Program Files\CommonFiles\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2010-04-25 75064]
S4 wlidsvc;Windows Live ID Sign-in Assistant; E:\Program Files\CommonFiles\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; E:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Rudy]

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[Jenda66]

Přikládám log z ComboFixu.

ComboFix 13-03-14.02 - Jenda 14.03.2013 19:33:26.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3036.2540 [GMT 1:00]
Spuštěný z: e:\documents and settings\Jenda\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Jenda\3160316.dll
e:\program files\lol
e:\program files\lol\League of Legends\0x0409.ini
e:\program files\lol\League of Legends\0x0415.ini
e:\program files\lol\League of Legends\0x0418.ini
e:\program files\lol\League of Legends\data1.cab
e:\program files\lol\League of Legends\data1.hdr
e:\program files\lol\League of Legends\data2.cab
e:\program files\lol\League of Legends\ISSetup.dll
e:\program files\lol\League of Legends\layout.bin
e:\program files\lol\League of Legends\setup.exe
e:\program files\lol\League of Legends\setup.ini
e:\program files\lol\League of Legends\setup.inx
e:\program files\lol\League of Legends\setup.isn
e:\windows\EventSystem.log
e:\windows\system32\URTTemp
e:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-14 do 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-14 18:19 . 2013-03-14 18:19 -------- d-----w- e:\program files\trend micro
2013-03-14 17:25 . 2013-03-14 17:25 2802 ----a-w- e:\documents and settings\All Users\Data aplikací\6130613.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-05 18:33 . 2012-09-21 16:42 697272 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2013-01-05 18:33 . 2011-10-04 15:54 73656 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2005-03-31 20:17 . 2009-09-30 18:22 40960 ----a-w- e:\program files\Uninstall_CDS.exe
2013-03-09 10:57 . 2013-03-09 10:57 263064 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="e:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-16 1044480]
"Samsung PanelMgr"="e:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"QlbCtrl.exe"="e:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\E:^Documents and Settings^Jenda^Nabídka Start^Programy^Po spuštění^runctf.lnk]
path=e:\documents and settings\Jenda\Nabídka Start\Programy\Po spuštění\runctf.lnk
backup=e:\windows\pss\runctf.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- e:\program files\commonfiles\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2012-10-30 22:50 4297136 ----a-w- e:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\USDAgent.exe"=
"e:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ICCUpdater.exe"=
"e:\\Documents and Settings\\Jenda\\Plocha\\Games\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"e:\\Documents and Settings\\Jenda\\Plocha\\Games\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"e:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Program Files\\SAS\\SAS Learning Edition 4.1\\sas.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57828:TCP"= 57828:TCP:Pando Media Booster
"57828:UDP"= 57828:UDP:Pando Media Booster
.
R0 SFAUDIO;Sonic Focus DSP Driver;e:\windows\system32\drivers\sfaudio.sys [28.3.2008 10:14 24064]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.9.2009 19:10 691696]
R1 aswSnx;aswSnx;e:\windows\system32\drivers\aswSnx.sys [24.6.2011 9:57 738504]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [25.8.2009 12:48 361032]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [25.8.2009 12:48 21256]
S2 SSPORT;SSPORT;\??\e:\windows\system32\Drivers\SSPORT.sys --> e:\windows\system32\Drivers\SSPORT.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;e:\windows\system32\drivers\nmwcdnsu.sys [13.6.2010 15:52 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;e:\windows\system32\drivers\nmwcdnsuc.sys [13.6.2010 15:52 8320]
S4 Com4QLBEx;Com4QLBEx;e:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.9.2011 22:15 227896]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-03-14 e:\windows\Tasks\avast! Emergency Update.job
- e:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-09 22:50]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat do zařízení &Bluetooth... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - e:\documents and settings\Jenda\Data aplikací\Mozilla\Firefox\Profiles\280igl9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-01 17:09; {20a82645-c095-46ed-80e3-08825760534b}; e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 19:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
e:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-03-14 19:40:18
ComboFix-quarantined-files.txt 2013-03-14 18:40
ComboFix2.txt 2012-10-16 08:12
ComboFix3.txt 2012-10-14 18:41
.
Před spuštěním: Volných bajtů: 345 838 366 720
Po spuštění: Volných bajtů: 345 817 108 480
.
- - End Of File - - 7D5DF041259210C89FBC79D71A6B1AF9

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57828:TCP"=-
"57828:UDP"=-

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Jenda66]

Teď nevím, zda se udělalo, co se udělat mělo. Přišlo mi, že CF jel znova jako před tím. Nicméně pořád nejde zvuk a zbytek věcí. Avast se chová celkově strašně divně. Nejdou mu vypnout štíty a ani není dole na liště. Zkusil jsem ho odinstalovat a potom ho přeinstaluji. Při zabíjení viru roguekillerem jsem také vracel Windows do poslední známé funkční konfigurace. Je možné, aby to mělo nějaký vliv na zvuk a ovladače síťové karty? Mám je zkusit znovu nainstalovat? Přikládám log z CF.

ComboFix 13-03-14.02 - Jenda 14.03.2013 20:44:31.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3036.2604 [GMT 1:00]
Spuštěný z: e:\documents and settings\Jenda\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Jenda\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-02-14 do 2013-03-14 )))))))))))))))))))))))))))))))
.
.
2013-03-14 18:19 . 2013-03-14 18:19 -------- d-----w- e:\program files\trend micro
2013-03-14 17:25 . 2013-03-14 17:25 2802 ----a-w- e:\documents and settings\All Users\Data aplikací\6130613.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-05 18:33 . 2012-09-21 16:42 697272 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2013-01-05 18:33 . 2011-10-04 15:54 73656 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2005-03-31 20:17 . 2009-09-30 18:22 40960 ----a-w- e:\program files\Uninstall_CDS.exe
2013-03-09 10:57 . 2013-03-09 10:57 263064 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-08 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . e:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="e:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"SoundMAXPnP"="e:\program files\Analog Devices\Core\smax4pnp.exe" [2009-01-16 1044480]
"Samsung PanelMgr"="e:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"QlbCtrl.exe"="e:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\E:^Documents and Settings^Jenda^Nabídka Start^Programy^Po spuštění^runctf.lnk]
path=e:\documents and settings\Jenda\Nabídka Start\Programy\Po spuštění\runctf.lnk
backup=e:\windows\pss\runctf.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- e:\program files\commonfiles\Adobe\ARM\1.0\AdobeARM.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"e:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\USDAgent.exe"=
"e:\\Program Files\\Samsung\\Samsung Universal Scan Driver\\ICCUpdater.exe"=
"e:\\Documents and Settings\\Jenda\\Plocha\\Games\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"e:\\Documents and Settings\\Jenda\\Plocha\\Games\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"e:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"e:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Program Files\\SAS\\SAS Learning Edition 4.1\\sas.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;e:\windows\system32\drivers\sfaudio.sys [28.3.2008 10:14 24064]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.9.2009 19:10 691696]
S2 SSPORT;SSPORT;\??\e:\windows\system32\Drivers\SSPORT.sys --> e:\windows\system32\Drivers\SSPORT.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;e:\windows\system32\drivers\nmwcdnsu.sys [13.6.2010 15:52 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;e:\windows\system32\drivers\nmwcdnsuc.sys [13.6.2010 15:52 8320]
S4 Com4QLBEx;Com4QLBEx;e:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.9.2011 22:15 227896]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - e:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat do zařízení &Bluetooth... - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - e:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - e:\documents and settings\Jenda\Data aplikací\Mozilla\Firefox\Profiles\280igl9w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-01 17:09; {20a82645-c095-46ed-80e3-08825760534b}; e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-avast - e:\program files\Alwil Software\Avast5\avastUI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-14 20:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
e:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(932)
e:\progra~1\COMMON~2\MICROS~1\OFFICE14\Cultures\office.odf
e:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
e:\windows\system32\msimtf.dll
e:\windows\system32\wpdshserviceobj.dll
e:\windows\system32\btncopy.dll
e:\windows\system32\portabledevicetypes.dll
e:\windows\system32\portabledeviceapi.dll
.
Celkový čas: 2013-03-14 20:54:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-03-14 19:53
ComboFix2.txt 2013-03-14 18:40
ComboFix3.txt 2012-10-16 08:12
ComboFix4.txt 2012-10-14 18:41
.
Před spuštěním: Volných bajtů: 345 915 125 760
Po spuštění: Volných bajtů: 345 898 151 936
.
- - End Of File - - 4DF164255CB92A1A1EE23D3619646DEC

[Jenda66]

Tak ve správci zařízení nemám ani jedno zařízení. Programy nejdou odinstalovat, protože to píše nějakou hlášku, že to lze pouze v nouzovém režimu. Obávám se, že mě čeká kompletní reinstalace systému.

[Rudy]

Zkuste ještě jeden restart.

[Jenda66]

Bohužel. Zase nic. Nevadí, už zálohuju a bude to lepší kompletně přeinstalovat. Přece jen ten systém běží skoro 4 roky, tak tohle mu jen prospěje. Příště si holt musím dávat bacha. Asi už Vás nenapadne žádný důvod, čím by to mohlo být, že? Přesto Vám moc děkuji za snahu!

[Rudy]

Zkusil bych před kompletním reinstalem ještě opravu systému z instal. média. Zřejmě ten vir něco v systému pohrábl.

[Jenda66]

Tak jsem narazil na problém. Jelikož mi nejde CD mechanika, tak musím všechno řešit přes usb. Proto jsem pomocí programu Wintoflash přenesl windows z CD na flashdisk, ale nevím, jak z něj mám spustit tu opravu systému. Bohužel mi nejde ani nabootovat flash disk přes bios. Neměl byste ještě nějakou radu?

[Rudy]

V biosu musíte povolit bootování z dalších zařízení. Uložte a po restartu byste měl mít v nabídce možnost bootovat z USB.

[Jenda66]

To vše mám povolené. Bohužel když dám boot menu, tak vidím pouze optical disk drive, notebook hard drive, notebook ethernet a boot from efi file. S tím že jsem dal floppy USB na nejvyšší příčku v boot order.

[Rudy]

Pokud je možné bootovat z USB a bootovat při tom nelze, pak hledejte problém na USB. Možná není bootovatelný.