Při sputění windowsu, seklá lišta

[Zlocenkova]

Dobré ráno.
Předevčírem večer sem vlezla na nějakou stránku a hned mi antivir hlásil že viry byli přesunuty do truhly, kde sem je vymazala a provedla pro jistotu úplný test systému.
Ráno jsem ho zapla, naběhlo to, ale byla seklá lišta, nešlo jít do startu a nic s tim dělat.
Přibližně do 10minut to naběhlo, začali naskakovat ikonky a vše šlo v pořádku.
Spustila jsem Malwarebytes' Anti-Malware
kde mi to našlo dalších 9virů ,,fake trojan" které sem hned tedy vymazala.
Ale po restartnutí PC se to stále opakuje. Lišta je seklá a naběhne přibližně do 10min.
Už si nevim rady, proto budu vděčná za jakoukoliv pomoc.
Předem děkuji za odpověď.

[stell]

Zdravim,,

Stiahnes>>RSIT >>logy vloz sem,

[Zlocenkova]

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2010-04-14 09:47:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (29%) free of 76 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:19, on 14.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: Registration THE SETTLERS - Dědictví králů.LNK = ?
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8802 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll [2010-01-28 671480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-12-02 111928]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-03-05 1135912]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2010-03-25 3059448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-02-22 26101032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ICQ"=~C:\Program Files\ICQ6.5\ICQ.exe silent []

C:\Documents and Settings\David\Nabídka Start\Programy\Po spuštění
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
Registration THE SETTLERS - Dědictví králů.LNK - C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Dědictví králů\Support\Register\RegistrationReminder.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE:*:Enabled:Age of Empires II"
"C:\Documents and Settings\David\Plocha\wow-enus-tbc-downloader.exe"="C:\Documents and Settings\David\Plocha\wow-enus-tbc-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\THQ\Dawn Of War\W40k.exe"="C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k"
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe"="C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Midway Games\Rise and Fall\RiseAndFall.exe"="C:\Program Files\Midway Games\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise and Fall: Civilizations at War"
"C:\Program Files\Metin2_TESTER\metin2.bin"="C:\Program Files\Metin2_TESTER\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\David\Plocha\World of Warcraft\Launcher.exe"="C:\Documents and Settings\David\Plocha\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\David\Plocha\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Documents and Settings\David\Plocha\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\David\Plocha\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Documents and Settings\David\Plocha\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\David\Plocha\wowclient-downloader.exe"="C:\Documents and Settings\David\Plocha\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe"="C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII"
"C:\Program Files\Electronic Arts\Armády Exiga\Exigo2213.exe"="C:\Program Files\Electronic Arts\Armády Exiga\Exigo2213.exe:*:Enabled:Armies of Exigo"
"C:\Documents and Settings\David\Plocha\Star Wars Jedi Knight Jedi Academy\Star Wars Jedi Knight Jedi Academy\GameData\jampDed.exe"="C:\Documents and Settings\David\Plocha\Star Wars Jedi Knight Jedi Academy\Star Wars Jedi Knight Jedi Academy\GameData\jampDed.exe:*:Enabled:Jedi Academy MP Dedicated Server"
"C:\Documents and Settings\David\Plocha\Star Wars Jedi Knight Jedi Academy\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="C:\Documents and Settings\David\Plocha\Star Wars Jedi Knight Jedi Academy\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Dedičstvo kráľov\bin\settlershok221.exe"="C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Dedičstvo kráľov\bin\settlershok221.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\Program Files\Blue Byte\Settlers IV\Exe\S4_Main.exe"="C:\Program Files\Blue Byte\Settlers IV\Exe\S4_Main.exe:*:Enabled:S4_Main"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{519ff047-5692-11de-9c16-00115b59150e}]
shell\Auto\command - tel.xls.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a77d7cc2-30af-11dd-9acd-00115b59150e}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-04-14 08:28:19 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-04-14 08:28:19 ----A---- C:\WINDOWS\system32\irmon.dll
2010-04-14 08:28:19 ----A---- C:\WINDOWS\system32\irftp.exe
2010-04-14 08:20:20 ----D---- C:\Documents and Settings\David\Data aplikací\Malwarebytes
2010-04-14 08:20:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-14 08:20:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 07:53:44 ----D---- C:\Program Files\CCleaner
2010-04-14 07:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 07:37:57 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 07:35:07 ----D---- C:\Program Files\trend micro
2010-04-14 07:35:03 ----D---- C:\rsit
2010-04-14 07:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 07:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 07:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 07:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 09:06:57 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-06 22:31:38 ----D---- C:\Program Files\EA GAMES
2010-04-05 23:53:36 ----D---- C:\Program Files\DAEMON Tools Lite
2010-04-05 23:46:54 ----D---- C:\Program Files\ICQ6.5
2010-04-05 20:19:20 ----D---- C:\Program Files\Common Files\CyberLink
2010-04-05 20:16:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-04-05 20:05:17 ----D---- C:\Program Files\Common Files\Skype
2010-04-05 19:58:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-04-05 19:49:29 ----D---- C:\Documents and Settings\David\Data aplikací\DAEMON Tools Lite
2010-03-30 00:09:16 ----D---- C:\Program Files\MagicISO
2010-03-30 00:05:48 ----D---- C:\Documents and Settings\David\Data aplikací\Software Informer
2010-03-22 23:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-03-22 11:19:33 ----D---- C:\Documents and Settings\David\Data aplikací\DivX
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-03-22 11:18:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-03-22 11:18:46 ----N---- C:\WINDOWS\system32\px.dll
2010-03-22 11:17:55 ----D---- C:\Program Files\Common Files\DivX Shared
2010-03-22 11:16:00 ----D---- C:\Program Files\DivX
2010-03-22 11:15:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-03-22 08:49:31 ----D---- C:\Program Files\QuickTime
2010-03-22 08:49:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-03-22 08:48:37 ----D---- C:\Program Files\Common Files\Apple
2010-03-22 08:47:58 ----D---- C:\Program Files\Apple Software Update
2010-03-22 08:47:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-03-15 17:48:31 ----D---- C:\WINDOWS\Sun

======List of files/folders modified in the last 1 months======

2010-04-14 09:25:12 ----D---- C:\Documents and Settings\David\Data aplikací\Skype
2010-04-14 09:24:07 ----D---- C:\WINDOWS\Prefetch
2010-04-14 09:18:02 ----D---- C:\Program Files\BitComet
2010-04-14 09:12:31 ----D---- C:\WINDOWS\Temp
2010-04-14 09:10:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-14 09:10:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-14 08:34:55 ----RD---- C:\Program Files
2010-04-14 08:28:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 08:28:32 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 08:28:29 ----D---- C:\WINDOWS\Media
2010-04-14 08:28:25 ----D---- C:\WINDOWS\system32
2010-04-14 08:03:16 ----D---- C:\WINDOWS
2010-04-14 07:49:29 ----HD---- C:\WINDOWS\inf
2010-04-14 07:38:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 07:38:01 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 07:33:19 ----D---- C:\WINDOWS\ie8updates
2010-04-14 07:29:22 ----D---- C:\Documents and Settings\David\Data aplikací\skypePM
2010-04-14 00:09:00 ----D---- C:\Program Files\World of Warcraft
2010-04-12 01:31:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 02:50:50 ----SHD---- C:\WINDOWS\Installer
2010-04-06 02:50:49 ----D---- C:\WINDOWS\WinSxS
2010-04-05 23:19:02 ----D---- C:\Downloads
2010-04-05 21:27:12 ----D---- C:\Documents and Settings\David\Data aplikací\Adobe
2010-04-05 21:27:10 ----D---- C:\Program Files\Common Files\Adobe
2010-04-05 21:26:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-05 21:26:06 ----D---- C:\Program Files\Adobe
2010-04-05 20:19:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2010-04-05 20:19:20 ----D---- C:\Program Files\Common Files
2010-04-05 20:19:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-05 20:17:38 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 20:16:20 ----D---- C:\Program Files\CyberLink
2010-04-05 20:16:01 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-04-05 20:15:59 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-04-05 20:15:59 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-04-05 20:15:01 ----D---- C:\Documents and Settings\David\Data aplikací\ICQ
2010-04-05 20:06:49 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-05 20:06:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-04-05 20:05:18 ----RD---- C:\Program Files\Skype
2010-04-05 20:05:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-04-05 19:46:43 ----D---- C:\Program Files\WinRAR
2010-03-31 12:06:50 ----D---- C:\Program Files\Internet Explorer
2010-03-31 12:01:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-30 18:26:32 ----A---- C:\WINDOWS\setuplog.txt
2010-03-30 06:34:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-30 00:47:34 ----D---- C:\Install
2010-03-22 23:47:08 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/05 20:19:36]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ar0jy7nx;ar0jy7nx; C:\WINDOWS\system32\drivers\ar0jy7nx.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-05 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-15 66872]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-09-24 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[stell]

:arrow:pripoj USB-kluce- -Stiahni na plochu UsbFix
-spust>>zvol Jazyk E-[enter]
-stlac 2-[enter]>po skane log vloz sem

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

[Zlocenkova]

píše mi to
please connect all your drivers usb keys
please introduce a disk in the different cd-rom readers
please disable the read protection of your usb keys , memory cards
a pak dám ok a je tam
UsbFix will delete files and folders known to be harmful

[stell]

please connect all your drivers usb keys
please introduce a disk in the different cd-rom readers
please disable the read protection of your usb keys , memory cards

No treba spravit co pise
1:Pripoj USB KLUCE,kameru vsetko co mas cez USB

2:Treba prepnut na USB-packu .

[Zlocenkova]

Udělala sem to a píše mi to to samé.

[stell]

dobre spust combofix.

[Zlocenkova]

Nevím jestli ste po mě chtěl ten log z toho.
ComboFix 10-04-13.03 - David 14.04.2010 12:11:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.764 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-14 do 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-14 10:01 . 2010-04-14 10:00 390144 ----a-w- c:\windows\system32\CF20072.exe
2010-04-14 08:16 . 2010-04-14 08:16 17141571 ----a-w- C:\UsbFix_Upload_Me_DAVID-56D158AFA.zip
2010-04-14 07:56 . 2010-04-14 09:08 -------- d-----w- C:\UsbFix
2010-04-14 06:28 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-04-14 06:28 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-14 06:28 . 2008-04-14 02:22 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-14 06:28 . 2008-04-14 02:22 152064 ----a-w- c:\windows\system32\irftp.exe
2010-04-14 06:28 . 2008-04-14 02:22 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-14 06:28 . 2008-04-14 02:22 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-14 06:28 . 2008-04-14 02:21 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-14 06:28 . 2008-04-14 02:21 27648 ----a-w- c:\windows\system32\irmon.dll
2010-04-14 06:28 . 2008-04-13 17:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-04-14 06:28 . 2008-04-13 17:54 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-04-14 06:28 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-04-14 06:28 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-04-14 06:20 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 06:20 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 06:20 . 2010-04-14 06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 05:53 . 2010-04-14 05:53 -------- d-----w- c:\program files\CCleaner
2010-04-14 05:35 . 2010-04-14 07:47 -------- d-----w- c:\program files\trend micro
2010-04-14 05:35 . 2010-04-14 05:35 -------- d-----w- C:\rsit
2010-04-13 07:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 17:15 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-12 17:15 . 2008-04-13 17:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-12 17:14 . 2008-04-13 17:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-12 17:14 . 2008-04-13 17:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-12 17:14 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-12 17:14 . 2008-04-13 17:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-06 20:31 . 2010-04-06 20:31 -------- d-----w- c:\program files\EA GAMES
2010-04-05 21:53 . 2010-04-05 21:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-05 21:46 . 2010-04-05 23:46 -------- d-----w- c:\program files\ICQ6.5
2010-04-05 18:19 . 2010-04-05 18:19 -------- d-----w- c:\program files\Common Files\CyberLink
2010-04-05 18:05 . 2010-04-05 18:05 -------- d-----w- c:\program files\Common Files\Skype
2010-03-29 22:09 . 2010-04-05 18:01 -------- d-----w- c:\program files\MagicISO
2010-03-22 09:16 . 2010-03-22 09:19 -------- d-----w- c:\program files\DivX
2010-03-22 06:49 . 2010-03-22 06:50 -------- d-----w- c:\program files\QuickTime
2010-03-22 06:48 . 2010-03-22 06:48 -------- d-----w- c:\program files\Common Files\Apple
2010-03-22 06:47 . 2010-03-22 06:48 -------- d-----w- c:\program files\Apple Software Update
2010-03-15 15:48 . 2010-03-15 15:48 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 09:59 . 2010-03-11 06:23 -------- d-----w- c:\program files\BitComet
2010-04-13 22:09 . 2009-08-04 15:25 -------- d-----w- c:\program files\World of Warcraft
2010-04-05 21:54 . 2008-02-24 20:27 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-05 19:27 . 2008-06-03 13:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-05 18:19 . 2007-12-27 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 18:16 . 2007-12-27 14:28 -------- d-----w- c:\program files\CyberLink
2010-04-05 18:16 . 2008-12-07 19:32 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-04-05 18:15 . 2007-12-27 14:12 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-05 18:15 . 2007-12-27 14:12 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-05 18:06 . 2009-09-12 13:38 -------- d-----w- c:\program files\ICQ6Toolbar
2010-04-05 18:05 . 2008-03-14 21:41 -------- d-----r- c:\program files\Skype
2010-03-30 04:34 . 2006-03-02 12:00 61958 ----a-w- c:\windows\system32\perfc005.dat
2010-03-30 04:34 . 2006-03-02 12:00 379294 ----a-w- c:\windows\system32\perfh005.dat
2010-03-22 21:47 . 2008-03-14 21:41 -------- d-----w- c:\program files\Google
2010-03-22 09:18 . 2010-03-22 09:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-14 19:17 . 2009-01-30 07:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-13 13:53 . 2010-03-13 13:53 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2010-03-13 12:48 . 2010-03-13 12:48 -------- d-----w- c:\program files\GameSpy Arcade
2010-03-11 08:17 . 2008-01-01 19:30 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-03-11 07:51 . 2010-03-11 07:51 -------- d-----w- c:\program files\Alwil Software
2010-03-11 06:45 . 2010-03-11 06:45 0 ----a-w- c:\windows\nsreg.dat
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:24 . 2010-03-11 07:51 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 11:24 . 2010-03-11 07:51 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-03-11 07:51 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-03-11 07:51 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-03-11 07:51 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-03-11 07:51 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2010-03-11 07:51 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2010-03-11 07:51 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2010-03-11 07:51 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 15:45 . 2010-03-05 15:45 -------- d-----w- c:\program files\Common Files\Java
2010-03-05 15:44 . 2010-03-05 15:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 15:44 . 2010-03-05 15:44 -------- d-----w- c:\program files\Java
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-17 12:09 . 2006-03-02 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2010-03-25 3059448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.2.11403-to-3.3.3.11685-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26606:TCP"= 26606:TCP:BitComet 26606 TCP
"26606:UDP"= 26606:UDP:BitComet 26606 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11.3.2010 9:51 162640]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/05 20:19];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13.3.2010 12:58 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.3.2010 9:51 19024]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [11.3.2010 8:15 51040]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.2.2008 22:27 691696]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\vnt1alwq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
AddRemove-NeroMultiInstaller!UninstallKey - c:\program files\Common Files\Ahead\Uninstall\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 12:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1647877149-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,ed,0e,36,03,d1,76,c3,7d,da,9c,ef,6c,46,4e,0d,25,3d,cc,54,12,c8,3e,
58,a7,05,8b,38,4c,26,1b,be,3c,45,4a,57,06,93,db,87,45,a3,fc,f6,8a,5d,f6,3b,\
"??"=hex:06,cd,90,f2,fe,b5,aa,6c,70,f8,57,40,a5,8b,4c,9d
.
Celkový čas: 2010-04-14 12:20:09
ComboFix-quarantined-files.txt 2010-04-14 10:20

Před spuštěním: Volných bajtů: 23 151 312 896
Po spuštění: Volných bajtů: 24 614 674 432

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C3FFAFFCE5E5489576A1C9EE934AC45E
teď to zkusím restartovat

[stell]

ok,ako je na tom pocitac??

[Zlocenkova]

Restartovala sem to a zas stejné.
Seklá lišta po cca 10min to začalo reagovat.

[stell]

Stáhni si a spusť program StartUpLite - http://www.malwarebytes.org/StartUpLite.exe
- Program vypíše seznam zbytečných programů spouštějících se při startu Windows
- K vypnutí spouštění těchto programů zaškrtni u příslušných řádků Disable a klikni na Continue

> Vyčisti počítač od nepotřebných souborů, vyčisti a optimalizuj registry:

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,

Start-spustit-napis cleanmgr klik>> ok>>pockas>>dalsie moznosti-obnova systemu-vycistit,,ok,,ok

Start-spustit-napis cleanmgr,,ok,ok,zafajkni
Temporary Internet Files
kos
Temporary Files
vycistit,ok
Click OK,Yes

Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart

das este log z GMER
http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[jthorn]

Dovolim si vám do vaší komunikace vstoupit. Cca před měsícem jsem měl obdobné problémy. Po odstranění havěti se zasekávala lišta (nefungovalo tlačítko start, na liště nešlo spustit kontextové menu přes pravou klávesu), ale ikony na ploše spouštět šly.
Zkuste se podívat do správce zařízení (klávesa Win+Pauza -> karta Hardware -> tlačítko Správce zařízení) jestli nemáte problém u Microsoft kernel Audio. Položky Microsoft Kernel Acoustic Echo Canceller, Microsoft Kernel Audio Splitter, Microsoft Kernel DLS Synthesizer, Microsoft Kernel DRM Audio Descrambler, Microsoft Kernel GS Wavetable Synthesizer.
Pokud ano, doinstalujte ovladače, pokud vám tedy dá svolení rádce co s vámi řeší logy.

[Zlocenkova]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 17:53:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\kwwoipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5728C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5728B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF57290C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5728FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF57286E8]
SSDT sprb.sys ZwEnumerateKey [0xF7767DA4]
SSDT sprb.sys ZwEnumerateValueKey [0xF7768132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5728BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5728628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF572868C]
SSDT sprb.sys ZwQueryKey [0xF776820A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5728D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF5729194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5728CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5728E4C]

INT 0x62 ? 867DABF8
INT 0x63 ? 8626DBF8
INT 0x63 ? 8626DBF8
INT 0x63 ? 8626DBF8
INT 0x63 ? 8626DBF8
INT 0x63 ? 8626DBF8
INT 0x63 ? 8626DBF8
INT 0x82 ? 867DABF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF57354FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF5735322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF573545C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 15C 804E27C8 4 Bytes CALL 4C439A53
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F5732972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP F5735326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP F5735502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F57314BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP F5735460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? sprb.sys Systém nemůže nalézt uvedený soubor. !
.sfreloc˙˙˙˙sfsync04unknown last section [0xF76F6000, 0xBC6, 0x40000040] C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF76F6000, 0xBC6, 0x40000040]
.text USBPORT.SYS!DllUnload F6B9A8AC 5 Bytes JMP 8626D1D8
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6AAC900]
.text azcuu3cy.SYS F6A19386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text azcuu3cy.SYS F6A193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text azcuu3cy.SYS F6A193C4 3 Bytes [00, 80, 02]
.text azcuu3cy.SYS F6A193C9 1 Byte [30]
.text azcuu3cy.SYS F6A193C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xF34DF000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xF3502050]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 867DC2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F777ADDC] sprb.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F777AE30] sprb.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7750042] sprb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F775013E] sprb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F77500C0] sprb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7750800] sprb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F77506D6] sprb.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8626D2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F775FB90] sprb.sys
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\azcuu3cy.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[560] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 867D91F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 8626C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8626C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8626C1F8
Device \Driver\usbuhci \Device\USBPDO-3 8626C1F8
Device \Driver\usbehci \Device\USBPDO-4 8623E1F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8676E1F8
Device \Driver\Cdrom \Device\CdRom0 863B0500
Device \Driver\Cdrom \Device\CdRom1 863B0500
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F76B7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F76B7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F76B7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F76B7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F76B7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 863B0500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B3888DD9-41F9-4BA4-8E01-5ABEDD83235C} 865A1500
Device \Driver\NetBT \Device\NetBt_Wins_Export 865A1500
Device \Driver\PCI_PNP2026 \Device\0000004b sprb.sys
Device \Driver\NetBT \Device\NetbiosSmb 865A1500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\sptd \Device\572253276 sprb.sys

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 8626C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8626C1F8
Device \Driver\usbuhci \Device\USBFDO-2 8626C1F8
Device \Driver\usbuhci \Device\USBFDO-3 8626C1F8
Device \Driver\usbehci \Device\USBFDO-4 8623E1F8
Device \Driver\Ftdisk \Device\FtControl 8676E1F8
Device \Driver\azcuu3cy \Device\Scsi\azcuu3cy1 861491F8
Device \Driver\azcuu3cy \Device\Scsi\azcuu3cy1 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \Driver\azcuu3cy \Device\Scsi\azcuu3cy1Port2Path0Target0Lun0 861491F8
Device \Driver\azcuu3cy \Device\Scsi\azcuu3cy1Port2Path0Target0Lun0 sfsync04.sys (FrontLine Synchronization Driver/Protection Technology (StarForce))
Device \FileSystem\Cdfs \Cdfs 862F1500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -801307077
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1019045198
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x05 0xBC 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0F 0xE8 0x62 0x63 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x5E 0xC6 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xAC 0xE6 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0xB2 0x52 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xCF 0x15 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xAC 0xE6 0x03 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0xB2 0x52 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xAE 0xA6 0x3A 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x05 0xBC 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0F 0xE8 0x62 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x5E 0xC6 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xAC 0xE6 0x03 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x40 0xB2 0x52 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xCF 0x15 0x04 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\David\Dokumenty\ICQ\445627129\ReceivedFiles\370935231 ..\já.jpg 17539 bytes

---- EOF - GMER 1.0.15 ----



Jinak v těch správce zařízní mam z některých uvedených ovládačů a jsou poškozené.
Odstranila jsem je.

[stell]

Program Files\DAEMON Tools
Odinstaluj progrm C:\Program Files\DAEMON Tools Lite
Stahni dle ze stranek SPTD http://www.duplexsecure.com/en/downloads verzi dle sveho operacniho systemu. SPTD for Windows (32 bit) nebo (64b) na plochu
- spust
- zvol moznost Uninstall
- restart PC
stiahni>> MBR - http://www2.gmer.net/mbr/mbr.exe

klik-start-klik-spustit-vloz prikaz
cmd /c mbr.exe -t >log.txt&start log.txt
log.txt vloz sem.
Stahni OTListIt2>> OTL
- spust
-zafajkni
-Scan all users.
-Lop check.
-Purity check.
-v sekciiExtra Registry>zaboduj>Use SafeList
-do okna Custom Scans/Fixes>vloz zeleny text a klik Run SCAN
-scan trva [10-15 min]>.potom vloz sem
-OTL.txt (bude na ploche).

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMROOT%\*. /mp /s
CREATERESTOREPOINT
%SYSTEMROOT%\system32\*.dll /lockedfiles