mozete mi prosim pozriet toto ide mi strasne pomaly

[eeekubo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:51, on 20.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Hsfpwcfg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michal\My Documents\Preberanie\HijackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {1DBB09FF-5697-4E4A-B138-1428E2DB5B20} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Hsfpwcfg.exe] C:\WINDOWS\Hsfpwcfg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [65409428] C:\DOCUME~1\ALLUSE~1\APPLIC~1\65409428\65409428.exe
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "C:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Wireless Client Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.com/a ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABA2425B-8ED3-43B2-B146-DD5F2289C780}: NameServer = 160.218.43.200 194.228.211.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c98d208d84acf7) (gupdate1c98d208d84acf7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8530 bytes

[cernohous13]

Zdravím,

doporučuji odinstalovat C:\Program Files\IObit\Advanced WindowsCare V2 Pro
nemáme ho rádi - je to čínský šmejd s ukradenou databází a dělá v PC víc zmatku než pořádku.

dej mi log RSIT podle návodu http://www.viry.cz/forum/viewtopic.php?f=13&t=105895
(navíc ten HJT je starý Scan saved at 22:25:51, on 20.12.2010)

[eeekubo]

tak som to odinstaloval a tuna je log



Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2011-01-18 20:58:20
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (42%) free of 76 GB
Total RAM: 479 MB (20% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hsfpwcfg.exe"=C:\WINDOWS\Hsfpwcfg.exe [2004-01-28 167936]
"SiSPower"=SiSPower.dll,ModeAgent []
"CnxDslTaskBar"=c:\program files\microcom\adsl deskporte usb\CnxDslTb.exe [2004-06-16 233472]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Labtec\WebCam10\WebCam10.exe [2007-03-06 1060376]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMags.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microcom\ADSL DeskPorte USB\setup.exe"="C:\Program Files\Microcom\ADSL DeskPorte USB\setup.exe:*:Enabled:Microcom ADSL DeskPorte USB Wizard"
"C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe:*:Enabled:ADSL Taskbar"
"C:\Program Files\ASUS\WLAN Card Utilities\Center.exe"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe:*:Enabled:ASUS WLAN Control Center"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2011-01-18 20:51:32 ----D---- C:\Program Files\trend micro
2011-01-18 20:51:22 ----DC---- C:\rsit
2011-01-17 23:23:46 ----AC---- C:\ComboFix.txt
2011-01-17 23:12:49 ----SHDC---- C:\RECYCLER
2011-01-17 22:46:46 ----A---- C:\WINDOWS\zip.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\SWSC.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\SWREG.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\sed.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\PEV.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\MBR.exe
2011-01-17 22:46:46 ----A---- C:\WINDOWS\grep.exe
2010-12-20 21:32:13 ----D---- C:\WINDOWS\ERDNT
2010-12-20 21:31:17 ----DC---- C:\Qoobox
2010-12-20 21:04:52 ----D---- C:\Program Files\IObit
2010-12-20 20:45:13 ----D---- C:\Program Files\Alwil Software
2010-12-20 20:35:02 ----A---- C:\WINDOWS\ModemLog_Nokia 5800 XpressMusic USB Modem.txt
2010-12-20 20:31:04 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-12-20 20:30:51 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-12-20 20:29:47 ----D---- C:\Documents and Settings\Michal\Application Data\Nokia
2010-12-20 20:29:46 ----D---- C:\Documents and Settings\Michal\Application Data\PC Suite
2010-12-20 20:29:43 ----DC---- C:\Documents and Settings\All Users\Application Data\PC Suite
2010-12-20 20:28:57 ----D---- C:\Program Files\Common Files\PCSuite
2010-12-20 20:28:47 ----D---- C:\Program Files\Common Files\Nokia
2010-12-20 20:28:28 ----D---- C:\Program Files\DIFX
2010-12-20 20:28:27 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-12-20 20:28:16 ----D---- C:\Program Files\PC Connectivity Solution
2010-12-20 20:28:05 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2010-12-20 20:28:04 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-12-20 20:28:02 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-12-20 20:27:59 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-12-20 20:27:59 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-12-20 20:27:59 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2010-12-20 20:27:46 ----D---- C:\Program Files\Nokia
2010-12-20 20:26:32 ----DC---- C:\Documents and Settings\All Users\Application Data\Installations
2010-12-08 15:07:20 ----D---- C:\Documents and Settings\Michal\Application Data\ESET
2010-12-08 14:09:31 ----DC---- C:\Documents and Settings\All Users\Application Data\PC Tools

======List of files/folders modified in the last 3 months======

2011-01-18 20:57:36 ----D---- C:\WINDOWS\Temp
2011-01-18 20:53:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-18 20:51:32 ----D---- C:\Program Files
2011-01-18 20:14:44 ----D---- C:\WINDOWS
2011-01-18 20:05:50 ----D---- C:\Documents and Settings\Michal\Application Data\Skype
2011-01-17 23:23:53 ----D---- C:\WINDOWS\system32\drivers
2011-01-17 23:20:02 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-17 23:17:18 ----AC---- C:\WINDOWS\system.ini
2011-01-17 23:15:12 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-17 23:12:49 ----D---- C:\WINDOWS\Debug
2011-01-17 23:12:22 ----D---- C:\WINDOWS\system32\config
2011-01-17 23:10:37 ----D---- C:\WINDOWS\system32
2011-01-17 23:06:38 ----D---- C:\WINDOWS\AppPatch
2011-01-17 23:06:34 ----D---- C:\Program Files\Common Files
2011-01-17 22:43:17 ----SD---- C:\WINDOWS\Tasks
2010-12-20 22:01:56 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-20 20:31:09 ----HD---- C:\WINDOWS\inf
2010-12-20 20:29:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-20 20:29:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-20 20:29:27 ----SHD---- C:\WINDOWS\Installer
2010-12-20 20:27:40 ----D---- C:\WINDOWS\WinSxS
2010-12-20 20:26:47 ----D---- C:\WINDOWS\Prefetch
2010-12-20 19:46:00 ----SHD---- C:\System Volume Information
2010-12-20 19:44:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-12-20 19:40:41 ----DC---- C:\Documents and Settings
2010-12-20 17:34:15 ----SD---- C:\WINDOWS\system32\Microsoft
2010-12-08 14:05:52 ----D---- C:\WINDOWS\Minidump
2010-12-08 13:46:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-08 13:45:48 ----D---- C:\Program Files\SanDisk
2010-11-30 10:48:52 ----D---- C:\Program Files\Mozilla Firefox
2010-11-21 12:09:09 ----D---- C:\Documents and Settings\Michal\Application Data\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 antispyware;antispyware; C:\WINDOWS\system32\DRIVERS\antispyware.sys [2008-04-08 22528]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-06-12 89264]
R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-13 46464]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-10-07 685816]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-17 13312]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2006-07-20 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-05-12 1037056]
R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-06-17 193280]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2002-01-08 6004]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
R3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-07-01 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-02-17 240640]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
R3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
R3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-05-12 685312]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 a5kkquvi;a5kkquvi; C:\WINDOWS\system32\drivers\a5kkquvi.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BCM43XX;ASUS 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-03-07 41376]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PAC207;VideoCAM GF112; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 PavSRK.sys;PavSRK.sys; C:\WINDOWS\system32\drivers\PavSRK.sys.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-05-17 17536]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-03-07 491168]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wlags48d;Agere Wireless PCCard Service; C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-09-22 154624]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 gupdate1c98d208d84acf7;Služba Google Update (gupdate1c98d208d84acf7); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Když už jsi spustil ComboFix, tak mi dej log C:\ComboFix.txt

[eeekubo]

ja uz som zufaly hadam som nic nepokaslal tuna je ten log


ComboFix 11-01-16.04 - Michal 19.01.2011 17:41:40.3.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.479.141 [GMT 1:00]
Running from: c:\documents and settings\Michal\My Documents\Preberanie\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090205-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-18 19:51 . 2011-01-18 19:51 -------- d-----w- c:\program files\trend micro
2011-01-18 19:51 . 2011-01-18 19:52 -------- dc----w- C:\rsit
2010-12-20 20:04 . 2010-12-20 20:04 -------- d-----w- c:\program files\IObit
2010-12-20 19:45 . 2010-12-20 19:45 -------- d-----w- c:\program files\Alwil Software
2010-12-20 19:31 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-20 19:29 . 2010-12-20 19:34 -------- d-----w- c:\documents and settings\Michal\Application Data\Nokia
2010-12-20 19:29 . 2010-12-20 19:34 -------- d-----w- c:\documents and settings\Michal\Application Data\PC Suite
2010-12-20 19:29 . 2010-12-20 19:29 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-12-20 19:28 . 2010-12-20 19:28 -------- d-----w- c:\program files\Common Files\PCSuite
2010-12-20 19:28 . 2010-12-20 19:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-12-20 19:28 . 2010-12-20 19:29 -------- d-----w- c:\program files\DIFX
2010-12-20 19:28 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-12-20 19:28 . 2010-12-20 19:28 -------- d-----w- c:\program files\PC Connectivity Solution
2010-12-20 19:28 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-12-20 19:28 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-12-20 19:28 . 2010-02-26 13:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-12-20 19:27 . 2010-02-26 13:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-12-20 19:27 . 2010-02-26 13:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-12-20 19:27 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-12-20 19:27 . 2010-12-20 19:28 -------- d-----w- c:\program files\Nokia
2010-12-20 19:26 . 2010-12-20 19:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Installations
2010-12-20 18:40 . 2010-12-20 18:40 -------- dc----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-02-16 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\WLAN Card Utilities\\Center.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22693:TCP"= 22693:TCP:BitComet 22693 TCP
"22693:UDP"= 22693:UDP:BitComet 22693 UDP

R2 gupdate1c98d208d84acf7;Služba Google Update (gupdate1c98d208d84acf7);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [x]
R3 PAC207;VideoCAM GF112;c:\windows\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
R3 PavSRK.sys;PavSRK.sys; [x]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\DRIVERS\wlags48d.sys [2003-09-22 154624]
S0 antispyware;antispyware;c:\windows\system32\DRIVERS\antispyware.sys [2008-04-08 22528]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-10-07 685816]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 14:45]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 14:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
FF - ProfilePath - c:\documents and settings\Michal\Application Data\Mozilla\Firefox\Profiles\hhs12llk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-19 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(900)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\Rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\sistray.exe
c:\program files\Wireless\Client Manager\CMags.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2011-01-19 18:21:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 17:21
ComboFix2.txt 2011-01-17 22:23

Pre-Run: 33 579 343 872 bytes free
Post-Run: 12 adresárov, 33 580 244 992 voľných bajtov

- - End Of File - - EBA4DDACDDA5E1B05E6BB68282BC4AE1

[cernohous13]

Přesuň ComboFix na plochu.
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"QuickTime Task"=-
"LogitechCommunicationsManager"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Folder::
C:\Program Files\IObit

Driver::
antispyware
gupdate1c98d208d84acf7
PavSRK.sys

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\system32\DRIVERS\antispyware.sys
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[eeekubo]

ComboFix 11-01-18.04 - Michal 19.01.2011 23:58:25.4.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.479.177 [GMT 1:00]
Running from: c:\documents and settings\Michal\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michal\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090205-1] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\DRIVERS\antispyware.sys"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IObit
c:\program files\IObit\Advanced WindowsCare V2 Pro\Applog.txt
c:\program files\IObit\Advanced WindowsCare V2 Pro\Backup\IgnoreList.ini
c:\program files\IObit\Advanced WindowsCare V2 Pro\ErrorLog.txt
c:\program files\IObit\Advanced WindowsCare V2 Pro\Main.ini
c:\windows\system32\DRIVERS\antispyware.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTISPYWARE
-------\Legacy_GUPDATE1C98D208D84ACF7
-------\Legacy_PAVSRK.SYS
-------\Service_antispyware
-------\Service_gupdate1c98d208d84acf7
-------\Service_PavSRK.sys


((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-18 19:51 . 2011-01-18 19:51 -------- d-----w- c:\program files\trend micro
2011-01-18 19:51 . 2011-01-18 19:52 -------- dc----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-02-16 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-6-19 331776]
Wireless Client Manager.lnk - c:\program files\Wireless\Client Manager\CMags.EXE [2006-6-30 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ASUS\\WLAN Card Utilities\\Center.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22693:TCP"= 22693:TCP:BitComet 22693 TCP
"22693:UDP"= 22693:UDP:BitComet 22693 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 12:06 685816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.1.2010 11:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.1.2010 11:32 20560]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 9:46 162176]
S3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [30.6.2006 19:00 154624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
FF - ProfilePath - c:\documents and settings\Michal\Application Data\Mozilla\Firefox\Profiles\hhs12llk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-20 00:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9AT00 rev.MB4OA60A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85B60EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85207872; SUB DWORD [EBP-0x4], 0x8520712e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x85D1B040]
3 CLASSPNP[0xF7699FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000008c[0x85DCC628]
5 ACPI[0xF740E620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x85DCC8E8]
[0x85BFD2D0] -> IRP_MJ_CREATE -> 0x85B60EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541080G9AT00_________________________MB4OA60A#5&15e10985&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x85B60AEA
user & kernel MBR OK
sectors 156301486 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\Rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\wudfhost.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\wudfhost.exe
.
**************************************************************************
.
Completion time: 2011-01-20 00:29:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-19 23:29
ComboFix2.txt 2011-01-19 17:21
ComboFix3.txt 2011-01-17 22:23

Pre-Run: 33 574 301 696 bytes free
Post-Run: 12 adresárov, 33 529 901 056 voľných bajtov

- - End Of File - - FBAA96EF1A3B71374E57A839CE33A9B4

[cernohous13]

Stáhněte zde: TDSSKiller a uložte ho na plochu.
Poté spusťte TDSSKiller.exe a poté klikněte na Start Scan.



Až to najde infikované soubory klikněte na tlačítko Continue.

Nejspíše po Vás aplikace bude chtít povolit restartovat počítač. Klikněte tedy na tlačítko Reboot Now. Log poté najdete zde: C:\TDSSKiller\_log.txt

[eeekubo]

2011/01/20 18:39:57.0656 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/20 18:39:57.0656 ================================================================================
2011/01/20 18:39:57.0656 SystemInfo:
2011/01/20 18:39:57.0656
2011/01/20 18:39:57.0656 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/20 18:39:57.0656 Product type: Workstation
2011/01/20 18:39:57.0656 ComputerName: MICHAL-C46711AE
2011/01/20 18:39:57.0656 UserName: Michal
2011/01/20 18:39:57.0656 Windows directory: C:\WINDOWS
2011/01/20 18:39:57.0656 System windows directory: C:\WINDOWS
2011/01/20 18:39:57.0656 Processor architecture: Intel x86
2011/01/20 18:39:57.0656 Number of processors: 1
2011/01/20 18:39:57.0656 Page size: 0x1000
2011/01/20 18:39:57.0656 Boot type: Normal boot
2011/01/20 18:39:57.0656 ================================================================================
2011/01/20 18:39:58.0671 Initialize success
2011/01/20 18:40:31.0812 ================================================================================
2011/01/20 18:40:31.0812 Scan started
2011/01/20 18:40:31.0812 Mode: Manual;
2011/01/20 18:40:31.0812 ================================================================================
2011/01/20 18:40:33.0640 Aavmker4 (7e9ac7c353e49ea7e8b53c64c9814c27) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/20 18:40:33.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/20 18:40:33.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/20 18:40:34.0031 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/20 18:40:34.0109 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/20 18:40:34.0437 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/20 18:40:34.0734 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/20 18:40:34.0937 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS
2011/01/20 18:40:35.0015 aswFsBlk (b4d09e666cb1d72f2cfab3f8fb395518) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2011/01/20 18:40:35.0062 aswMon2 (9c9a6c6e8805c43c372ad9aabea39fd9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/20 18:40:35.0125 aswRdr (4f25bb4a1299006ac04fa02d25a0e62d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/20 18:40:35.0234 aswSP (f8abcec435cb0f918c12fd84b6eaee11) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/20 18:40:35.0296 aswTdi (95c9ccf994e7c39322aa2ca44a6f8382) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/20 18:40:35.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/20 18:40:35.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/20 18:40:35.0468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/20 18:40:35.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/20 18:40:35.0656 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/01/20 18:40:35.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/20 18:40:35.0859 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/20 18:40:35.0937 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/20 18:40:36.0015 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/20 18:40:36.0062 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/20 18:40:36.0125 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/20 18:40:36.0234 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/20 18:40:36.0453 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/20 18:40:36.0687 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/20 18:40:36.0781 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/01/20 18:40:36.0796 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/01/20 18:40:36.0843 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/01/20 18:40:36.0890 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/01/20 18:40:36.0937 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/01/20 18:40:36.0984 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/01/20 18:40:37.0031 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/01/20 18:40:37.0078 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/01/20 18:40:37.0109 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/01/20 18:40:37.0218 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/20 18:40:37.0406 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/20 18:40:37.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/20 18:40:37.0531 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/20 18:40:37.0625 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/20 18:40:37.0671 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/01/20 18:40:37.0734 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/01/20 18:40:37.0828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/20 18:40:37.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/20 18:40:37.0937 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/20 18:40:37.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/20 18:40:38.0046 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/20 18:40:38.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/20 18:40:38.0171 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/20 18:40:38.0218 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/01/20 18:40:38.0296 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/20 18:40:38.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/20 18:40:38.0515 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/20 18:40:38.0687 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/20 18:40:38.0734 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/20 18:40:38.0781 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/20 18:40:38.0875 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/20 18:40:39.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/20 18:40:39.0171 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/20 18:40:39.0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/20 18:40:39.0406 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/20 18:40:39.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/20 18:40:39.0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/20 18:40:39.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/20 18:40:39.0671 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/01/20 18:40:39.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/20 18:40:39.0859 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/01/20 18:40:39.0906 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/20 18:40:39.0937 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/20 18:40:40.0000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/20 18:40:40.0062 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/20 18:40:40.0421 LVcKap (b72e763eb92b8dbe45c455ba6e4babd0) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2011/01/20 18:40:40.0671 LVMVDrv (e8a376abc340c35318a79b766c2406bb) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2011/01/20 18:40:40.0843 LVUSBSta (839da24941c0395c69c681f12b721a47) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/01/20 18:40:40.0921 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/01/20 18:40:40.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/20 18:40:41.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/20 18:40:41.0171 Mouclass (de11575d72cd5be720f14dfba431109f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/20 18:40:41.0171 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: de11575d72cd5be720f14dfba431109f, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2011/01/20 18:40:41.0203 Mouclass - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/20 18:40:41.0250 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/20 18:40:41.0312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/20 18:40:41.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/20 18:40:41.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/20 18:40:41.0562 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/20 18:40:41.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/20 18:40:41.0671 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/20 18:40:41.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/20 18:40:41.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/20 18:40:41.0890 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/20 18:40:41.0968 MTsensor (2fb9c6f49e346fd768d69150a8806354) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/01/20 18:40:42.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/20 18:40:42.0046 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/20 18:40:42.0140 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/20 18:40:42.0203 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/20 18:40:42.0265 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/20 18:40:42.0312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/20 18:40:42.0359 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/20 18:40:42.0421 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/20 18:40:42.0453 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/20 18:40:42.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/20 18:40:42.0609 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/20 18:40:42.0656 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/01/20 18:40:42.0781 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/01/20 18:40:42.0859 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/01/20 18:40:42.0906 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/20 18:40:43.0000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/20 18:40:43.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/20 18:40:43.0187 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/20 18:40:43.0281 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/20 18:40:43.0343 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/20 18:40:43.0453 PAC207 (5489b567cdd6ae216519caca7cc700e9) C:\WINDOWS\system32\DRIVERS\pfc027.sys
2011/01/20 18:40:43.0531 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/20 18:40:43.0593 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/20 18:40:43.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/20 18:40:43.0687 PCASp50 (71cb7616cb36d43ea787c41ab55fe458) C:\WINDOWS\system32\Drivers\PCASp50.sys
2011/01/20 18:40:43.0765 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/01/20 18:40:43.0812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/20 18:40:43.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/20 18:40:44.0000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/20 18:40:44.0343 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\system32\drivers\pfc.sys
2011/01/20 18:40:44.0406 PID_0928 (d395b2dc1705454aa36a34099e066df0) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/01/20 18:40:44.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/20 18:40:44.0578 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/20 18:40:44.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/20 18:40:44.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/20 18:40:44.0765 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/20 18:40:45.0078 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/20 18:40:45.0125 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/01/20 18:40:45.0187 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/20 18:40:45.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/20 18:40:45.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/20 18:40:45.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/20 18:40:45.0390 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/20 18:40:45.0468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/20 18:40:45.0515 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/20 18:40:45.0625 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/01/20 18:40:45.0750 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/20 18:40:45.0875 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/20 18:40:45.0984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/20 18:40:46.0156 SiS315 (8365751f9407ea612ea1e022292ffc9c) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/01/20 18:40:46.0250 SiSkp (5de3c5e923eaa435ab4b48ea87c99f71) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/01/20 18:40:46.0328 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/20 18:40:46.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/20 18:40:46.0593 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/20 18:40:46.0593 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/01/20 18:40:46.0609 sptd - detected Locked file (1)
2011/01/20 18:40:46.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/20 18:40:46.0781 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/20 18:40:46.0906 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/20 18:40:46.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/20 18:40:47.0031 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/20 18:40:47.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/20 18:40:47.0390 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/20 18:40:47.0468 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/01/20 18:40:47.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/20 18:40:47.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/20 18:40:47.0671 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/20 18:40:47.0843 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/01/20 18:40:47.0890 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/20 18:40:48.0031 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/20 18:40:48.0156 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/01/20 18:40:48.0234 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/20 18:40:48.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/20 18:40:48.0343 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/20 18:40:48.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/20 18:40:48.0484 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/20 18:40:48.0546 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/20 18:40:48.0578 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/20 18:40:48.0671 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/01/20 18:40:48.0734 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/01/20 18:40:48.0781 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/20 18:40:48.0875 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/20 18:40:48.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/20 18:40:49.0062 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/20 18:40:49.0156 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/20 18:40:49.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/20 18:40:49.0437 wlags48d (fd42bba8fe2572100fac2cf765e06086) C:\WINDOWS\system32\DRIVERS\wlags48d.sys
2011/01/20 18:40:49.0593 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/20 18:40:49.0671 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/20 18:40:49.0750 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/20 18:40:49.0875 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/20 18:40:49.0953 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/20 18:40:50.0250 ================================================================================
2011/01/20 18:40:50.0250 Scan finished
2011/01/20 18:40:50.0250 ================================================================================
2011/01/20 18:40:50.0312 Detected object count: 2
2011/01/20 18:41:24.0968 Mouclass (de11575d72cd5be720f14dfba431109f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/20 18:41:24.0968 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mouclass.sys. Real md5: de11575d72cd5be720f14dfba431109f, Fake md5: 35c9e97194c8cfb8430125f8dbc34d04
2011/01/20 18:41:27.0328 Backup copy found, using it..
2011/01/20 18:41:27.0359 C:\WINDOWS\system32\DRIVERS\mouclass.sys - will be cured after reboot
2011/01/20 18:41:27.0359 Rootkit.Win32.TDSS.tdl3(Mouclass) - User select action: Cure
2011/01/20 18:41:27.0375 Locked file(sptd) - User select action: Skip
2011/01/20 18:41:54.0953 Deinitialize success

[cernohous13]

stáhni MBR
http://www2.gmer.net/mbr/mbr.exe
-ulož ho na plochu
---------------------------------------------------------
Start -> Spustit - vlož příkaz
"%userprofile%\Desktop\mbr" -f ->ok

restart a spustíš nový příkaz
"%userprofile%\Desktop\mbr" -t ->ok a mbr.log vlož sem,

[eeekubo]

aStealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9AT00 rev.MB4OA60A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x85D8C8AC]<<
C:\WINDOWS\system32\drivers\sptd.sys
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x85D285D0]
3 CLASSPNP[0xF7682FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000089[0x85D29650]
5 ACPI[0xF73F7620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85D29040]
kernel: MBR read successfully
user & kernel MBR OK

[cernohous13]

zdá se, že máš čisto, tak po sobě uklidím

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Jak se chová PC, ještě nějaké problémy?

[eeekubo]

o.k. dakujem welmi si mi pomohol

[cernohous13]

Nemáš zač - rádo se stalo a jsme tady i příště