Problém s přihlášením se do windows.

[insane221]

Zdravím,

mám na mém pc na operační systémy, a to WIN XP a WIN 7.Mám pevný disc rozdělený na dva, a na každém je jiný OS. Na windows XP trávím poměrně více času, takže veliká veliká většina virů se ukládá na XPčkách. Jenže asi před týdnem jsem stáhl nějakého prevíta který se choval velice nenápadně. Nejdřív se mi viditelně zhoršila rychlost PC, na to jsem moc nebral ohled, protože problém setrvával cca. 5 dnů. Předevčírem jsem zapnul PC, byl jsem tam cca. 10 minut a najednou se sekl a já s ním kromě restartu neudělal. Po zapnutí vyberu OS XP, načítá se mi, a najednou se mi jakoby hodí monitor do úsporného režimu (zčerná mi obrazovka a bliká mi kontrolka). Zkoušel jsem vypojit a zapojit kabel jestli tam nijak nedrhne kontakt.. Ale po více restartech PC mi bylo jasné že problém s monitorem na 100% není. Tak jsem zapnul OS 7 a vidím že i na OS 7 mám problém podobný (tentokrát monitor byl zapnutý ale obrazovka zčernala). Nevěřím tomu že je to shoda náhod. Tak jsem restartoval PC a hodil jsem se do nouzového režimu a OS 7 mi běží jak má (tedy tak jak má běžet nouzový režim). Stáhl jsem si pár programů který mi měli vyčistit registry apod. Bohužel problém přetrvává. Zde dávám svůj LOG, aby jste se podívali jestli tu chybu neuvidíte.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Libor at 2010-11-21 18:42:44
Microsoft Windows 7 Professional
System drive C: has 65 GB (54%) free of 120 GB
Total RAM: 2039 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:42:57, on 21.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
D:\Program Files\Metin2\metin2.bin
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\mmc.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Libor\Downloads\RSIT.exe
C:\Program Files\trend micro\Libor.exe
C:\Users\Libor\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\RunOnce: [iolo 3rd Party Reboot] C:\ProgramData\iolo\IRestartStub.exe /t "System Mechanic Professional" /i "fromreg" /v "iolo 3rd Party Reboot" /av "fromreg"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 10163 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1003UA.job
C:\Windows\tasks\Norton Security Scan for Libor.job
C:\Windows\tasks\RMSchedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-20 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2008-06-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-06-05 1310720]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-04-12 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-04-12 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-04-12 81920]
"ASUSGamerOSD"=C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2007-04-26 380928]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-12 37888]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2010-09-16 104408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"Google Update"=C:\Users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-30 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iolo 3rd Party Reboot"=C:\ProgramData\iolo\IRestartStub.exe [2010-10-12 419000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-21 17:49:25 ----D---- C:\rsit
2010-11-21 17:49:25 ----D---- C:\Program Files\trend micro
2010-11-20 18:47:19 ----D---- C:\ProgramData\IObit
2010-11-20 18:30:47 ----A---- C:\Windows\system32\STKIT432.DLL
2010-11-20 18:23:31 ----A---- C:\Windows\system32\mfc45.dll
2010-11-20 18:23:28 ----D---- C:\iolo
2010-11-20 18:13:20 ----D---- C:\Users\Libor\AppData\Roaming\iolo
2010-11-20 18:13:20 ----D---- C:\ProgramData\iolo
2010-11-20 18:11:09 ----D---- C:\Users\Libor\AppData\Roaming\Registry Mechanic
2010-11-20 18:09:13 ----A---- C:\Windows\system32\msxml.dll
2010-11-20 18:09:13 ----A---- C:\Windows\system32\CleanMFT32.exe
2010-11-20 18:09:11 ----D---- C:\Program Files\Registry Mechanic
2010-11-20 18:09:11 ----D---- C:\Program Files\Common Files\PC Tools
2010-11-20 18:09:11 ----AD---- C:\ProgramData\TEMP
2010-11-20 17:56:05 ----D---- C:\Users\Libor\AppData\Roaming\IObit
2010-11-20 17:56:05 ----D---- C:\Program Files\IObit
2010-11-12 18:02:50 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2010-11-12 18:01:11 ----D---- C:\Program Files\GamePark
2010-11-12 17:59:19 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-11-12 17:59:02 ----A---- C:\Windows\system32\PnkBstrA.exe

======List of files/folders modified in the last 1 months======

2010-11-21 18:42:54 ----D---- C:\Windows\Temp
2010-11-21 18:13:48 ----D---- C:\wowowow
2010-11-21 18:12:52 ----RD---- C:\Program Files
2010-11-21 18:12:25 ----D---- C:\Program Files\EA GAMES
2010-11-21 18:10:54 ----D---- C:\Program Files\LogMeIn Hamachi
2010-11-21 18:10:00 ----D---- C:\Windows\system32\drivers
2010-11-21 18:05:43 ----SD---- C:\Users\Libor\AppData\Roaming\Microsoft
2010-11-21 17:34:31 ----D---- C:\Windows\System32
2010-11-21 17:34:31 ----D---- C:\Windows\inf
2010-11-21 17:34:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-21 17:29:42 ----A---- C:\Windows\ntbtlog.txt
2010-11-20 18:47:19 ----HD---- C:\ProgramData
2010-11-20 18:45:16 ----D---- C:\Windows\system32\config
2010-11-20 18:44:55 ----D---- C:\Users\Libor\AppData\Roaming\uTorrent
2010-11-20 18:12:03 ----SD---- C:\ProgramData\Microsoft
2010-11-20 18:11:06 ----D---- C:\Windows\Downloaded Program Files
2010-11-20 18:10:55 ----D---- C:\Windows\debug
2010-11-20 18:09:22 ----D---- C:\Windows\Tasks
2010-11-20 18:09:11 ----D---- C:\Program Files\Common Files
2010-11-20 17:52:21 ----D---- C:\Windows\system32\drivers\etc
2010-11-12 19:41:06 ----D---- C:\Users\Libor\AppData\Roaming\ICQ
2010-11-12 17:59:03 ----D---- C:\Windows\system32\LogFiles
2010-11-10 17:31:45 ----D---- C:\Program Files\ICQ7.1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-07-18 93096]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 55040]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 165376]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-27 691696]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
S1 atkdisplf;ATK Kernel Mode Enhanced Driver; C:\Windows\System32\Drivers\atkdisplowfilter.sys [2007-04-26 19968]
S1 EIO;EIO; C:\Windows\System32\Drivers\eio.sys [2006-06-14 12288]
S1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
S1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 294912]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-17 165376]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-17 18048]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-06-05 380416]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2007-02-01 13184]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2010-11-20 138904]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 78336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2009-06-05 90112]
S2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2007-04-02 67072]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-30 135664]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-11-20 75136]
S2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-11-20 234392]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-30 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[insane221]

upřímně, práci s combofixem jsem nikdy nezkoušel, a slyšel jsem že může v nesprávných rukou způsobit pěknou paseku. Na google jsem nenašel žádný návody jak z něj ten log dostat.. Nevíte o něčem?

//RE: teprv jsem si všiml vaší citace.. Jdu na to

[insane221]

log z Combofixu zde:


ComboFix 10-11-20.07 - Libor 21.11.2010 19:14:48.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2039.1400 [GMT 1:00]
Spuštěný z: c:\users\Libor\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\wpe pro.INI

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-21 18:18 . 2010-11-21 18:18 -------- d-----w- c:\users\Libor\AppData\Local\temp
2010-11-21 18:02 . 2010-11-21 18:03 301568 ----a-w- c:\windows\system32\cmd.execf
2010-11-21 16:49 . 2010-11-21 17:42 -------- d-----w- c:\program files\trend micro
2010-11-21 16:49 . 2010-11-21 16:49 -------- d-----w- C:\rsit
2010-11-20 17:47 . 2010-11-20 17:47 -------- d-----w- c:\programdata\IObit
2010-11-20 17:09 . 2010-11-20 17:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-20 16:56 . 2010-11-20 17:47 -------- d-----w- c:\program files\IObit
2010-11-20 16:56 . 2010-11-20 16:56 -------- d-----w- c:\users\Libor\AppData\Roaming\IObit
2010-11-12 17:02 . 2010-11-20 13:00 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-12 17:01 . 2010-11-12 17:01 -------- d-----w- c:\program files\GamePark
2010-11-12 16:59 . 2010-11-20 13:00 234392 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-12 16:59 . 2010-11-20 13:00 234392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-12 16:59 . 2010-11-20 12:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-12 16:58 . 2010-11-12 16:58 -------- d-----w- c:\users\Libor\AppData\Local\PunkBuster

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 06:00 . 2010-08-30 06:00 34064 ----a-w- c:\windows\system32\lhacm.acm
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 12:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Google Update"="c:\users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-15 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-30 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-04-26 380928]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-09-16 104408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-27 691696]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Obsah adresáře 'Naplánované úlohy'

2010-11-20 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-11-20 20:33]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 13:19]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 13:19]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1001Core.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 17:47]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1001UA.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 17:47]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1003Core.job
- c:\users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 18:49]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1003UA.job
- c:\users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 18:49]

2010-09-05 c:\windows\Tasks\Norton Security Scan for Libor.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-21 07:48]

2010-11-20 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-11-20 08:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Axxin Wow Logo Creator - c:\program files\Axxin Wow Logo Creator\Uninstal.exe
AddRemove-Blender - c:\program files\Blender Foundation\Blender\uninstall.exe
AddRemove-CamStudio - c:\program files\CamStudio\uninstall.exe
AddRemove-EVE - c:\program files\CCP\EVE\Uninstall.exe
AddRemove-Quake III Arena - c:\program files\Quake III Arena\QIII.isu
AddRemove-Super Screen Capture_is1 - c:\program files\Zeallsoft\Super Screen Capture\unins000.exe
AddRemove-{6889EE56-1816-4E89-94DF-9F56E7804039}_is1 - c:\program files\Valve\unins000.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-11-21 19:20:47
ComboFix-quarantined-files.txt 2010-11-21 18:20

Před spuštěním: Volných bajtů: 75 725 955 072
Po spuštění: Volných bajtů: 76 090 408 960

- - End Of File - - 5C5AB53D5A35502936B38C2A13A55942

[insane221]

c:\users\Libor\AppData\Local\temp Tohle jsem někde viděl, když jsem čistil PC.. Vyběhlo mi to v nějakém erroru.

[Rudy]

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\cmd.execf

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[insane221]

hotovo. tady mi vysel log




ComboFix 10-11-20.07 - Libor 21.11.2010 20:35:21.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2039.1264 [GMT 1:00]
Spuštěný z: c:\users\Libor\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Libor\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Vytvořen nový Bod Obnovení

file zipped: c:\windows\system32\cmd.execf
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\cmd.execf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-21 19:39 . 2010-11-21 19:39 -------- d-----w- c:\users\Libor\AppData\Local\temp
2010-11-21 19:39 . 2010-11-21 19:39 -------- d-----w- c:\users\Máca&Martin\AppData\Local\temp
2010-11-21 19:39 . 2010-11-21 19:39 -------- d-----w- c:\users\Honza\AppData\Local\temp
2010-11-21 19:39 . 2010-11-21 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-21 19:39 . 2010-11-21 19:39 -------- d-----w- c:\users\Dana\AppData\Local\temp
2010-11-21 16:49 . 2010-11-21 17:42 -------- d-----w- c:\program files\trend micro
2010-11-21 16:49 . 2010-11-21 16:49 -------- d-----w- C:\rsit
2010-11-20 17:47 . 2010-11-20 17:47 -------- d-----w- c:\programdata\IObit
2010-11-20 17:09 . 2010-11-20 17:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-20 16:56 . 2010-11-20 17:47 -------- d-----w- c:\program files\IObit
2010-11-20 16:56 . 2010-11-20 16:56 -------- d-----w- c:\users\Libor\AppData\Roaming\IObit
2010-11-12 17:02 . 2010-11-20 13:00 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-12 17:01 . 2010-11-12 17:01 -------- d-----w- c:\program files\GamePark
2010-11-12 16:59 . 2010-11-20 13:00 234392 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-12 16:59 . 2010-11-20 13:00 234392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-12 16:59 . 2010-11-20 12:57 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-12 16:58 . 2010-11-12 16:58 -------- d-----w- c:\users\Libor\AppData\Local\PunkBuster

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 06:00 . 2010-08-30 06:00 34064 ----a-w- c:\windows\system32\lhacm.acm
.

((((((((((((((((((((((((((((( SnapShot@2010-11-21_18.18.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 18:29 . 2010-11-21 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-11-21 16:29 . 2010-11-21 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-11-21 16:29 . 2010-11-21 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-21 18:29 . 2010-11-21 18:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-11-21 18:34 606992 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-11-21 16:34 606992 c:\windows\System32\perfh009.dat
+ 2009-07-14 08:37 . 2010-11-21 18:34 622422 c:\windows\System32\perfh005.dat
- 2009-07-14 08:37 . 2010-11-21 16:34 622422 c:\windows\System32\perfh005.dat
- 2009-07-14 02:05 . 2010-11-21 16:34 103370 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-11-21 18:34 103370 c:\windows\System32\perfc009.dat
+ 2009-07-14 08:37 . 2010-11-21 18:34 118604 c:\windows\System32\perfc005.dat
- 2009-07-14 08:37 . 2010-11-21 16:34 118604 c:\windows\System32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Google Update"="c:\users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-15 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-30 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-04-26 380928]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-09-16 104408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-27 691696]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 135664]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Obsah adresáře 'Naplánované úlohy'

2010-11-20 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-11-20 20:33]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 13:19]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 13:19]

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1001Core.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 17:47]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1001UA.job
- c:\users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 17:47]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1003Core.job
- c:\users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 18:49]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155157807-1783997255-2731335254-1003UA.job
- c:\users\Libor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 18:49]

2010-09-05 c:\windows\Tasks\Norton Security Scan for Libor.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-21 07:48]

2010-11-20 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-11-20 08:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-11-21 20:40:50
ComboFix-quarantined-files.txt 2010-11-21 19:40
ComboFix2.txt 2010-11-21 18:20

Před spuštěním: Volných bajtů: 76 159 246 336
Po spuštění: Volných bajtů: 76 081 516 544

- - End Of File - - 48B72EE900892E8AD274E56AF7616810

[insane221]

Po restartu PC problém stále přetrvává.

[Rudy]

Udělejte ještě sken MBR: http://www2.gmer.net/mbr/mbr.exe . Dejte log. CF již vypadá čistý.

[insane221]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD2502ABYS-01B7A0 rev.02.03B02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[Rudy]

MBR je čistý. Vypadá to na poškození instalace Win, příp. na hardwarovou chybu. Zkuste opravu z instal. média.

[insane221]

Okay, moc díky za pomoc

[Rudy]

Nemáte zač!