
Missing icons

Posted: 28 Apr 2014 18:30
by Albi1
Hello, I'd like to ask for help. I turned on the computer and after logging in only the wallpaper appeared, with no icons and no taskbar (the Win key does not work). The cursor is visible, but the mouse does not respond. Explorer.exe is running; ending and restarting the process gives the same result, with no success. In safe mode the icons load normally. I'm attaching the logs from RSIT and MBAM.
Thank you for your reply.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Rodina at 2014-04-28 17:17:42
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (15%) free of 21 GB
Total RAM: 3070 MB (89% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:48, on 28.4.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
I:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\Rodina\Plocha\RSIT.exe
I:\Program Files\Trend Micro\HijackThis\Rodina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - I:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\bin\jp2ssv.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - I:\Program Files\Acronis\PrivacyExpert\Blokování.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - I:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Internet Security] I:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = I:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Download by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://I:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Acronis Blokování pop-up oken - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - I:\Program Files\Acronis\PrivacyExpert\Blokování.dll
O9 - Extra 'Tools' menuitem: Acronis Blokování pop-up oken - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - I:\Program Files\Acronis\PrivacyExpert\Blokování.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - I:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - I:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Installer Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - I:\Program Files\Java\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7899 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1004336348-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1004336348-682003330-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - I:\Program Files\Orbitdownloader\orbitcth.dll [2012-11-08 241464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
Avira SearchFree Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2014-02-13 12240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - I:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - I:\Program Files\Java\bin\ssv.dll [2013-09-13 462248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\bin\jp2ssv.dll [2013-09-13 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E24AD748-155E-4254-B674-4EDF86E7E1DF}]
CAdBlocker Object - I:\Program Files\Acronis\PrivacyExpert\Blokování.dll [2006-04-18 788312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - I:\Program Files\Orbitdownloader\GrabPro.dll [2012-11-08 696000]
{41564952-412D-5637-00A7-7A786E7484D7} - Avira SearchFree Toolbar - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2014-02-13 12240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"COMODO Internet Security"=I:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"SoundMax"=C:\Program Files\Analog Devices\SoundMAX\smax4.exe [2006-07-13 729088]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2014-03-13 689744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Rodina\Nabídka Start\Programy\Po spuštění
MagicDisc.lnk - I:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd8f8bac-3506-11de-82f2-001bfc8d4324}]
shell\AutoRun\command - T:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2014-04-28 17:16:50 ----A---- C:\WINDOWS\ntbtlog.txt
2014-04-09 20:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-07 17:05:42 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Comodo
2014-04-07 17:03:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2014-04-07 17:03:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Shared Space
2014-04-07 17:03:05 ----A---- C:\WINDOWS\system32\cmdvrt32.dll
2014-04-07 17:03:05 ----A---- C:\WINDOWS\system32\cmdkbd32.dll

======List of files/folders modified in the last 1 months======

2014-04-28 17:16:50 ----D---- C:\WINDOWS
2014-04-28 17:10:48 ----D---- C:\WINDOWS\Prefetch
2014-04-28 17:09:25 ----D---- C:\WINDOWS\temp
2014-04-28 17:09:25 ----D---- C:\WINDOWS\SoftwareDistribution
2014-04-24 22:03:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-04-24 22:02:29 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Media Player Classic
2014-04-16 23:38:15 ----D---- C:\WINDOWS\system32\drivers
2014-04-16 23:14:42 ----D---- C:\WINDOWS\system32\CatRoot2
2014-04-16 22:59:23 ----SHD---- C:\WINDOWS\CSC
2014-04-10 10:34:32 ----D---- C:\WINDOWS\Debug
2014-04-10 10:21:44 ----D---- C:\WINDOWS\system32
2014-04-10 10:20:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-09 20:31:18 ----HD---- C:\WINDOWS\inf
2014-04-09 20:31:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-09 20:27:26 ----D---- C:\WINDOWS\system32\MRT
2014-04-09 20:19:50 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-07 17:16:50 ----SD---- C:\WINDOWS\Tasks
2014-04-07 17:03:46 ----D---- C:\WINDOWS\system32\config
2014-04-02 19:41:44 ----SHD---- C:\Config.Msi
2014-04-02 01:20:51 ----D---- C:\Documents and Settings\Rodina\Data aplikací\Orbit
2014-04-01 20:19:25 ----D---- C:\Documents and Settings\Rodina\Data aplikací\vlc
2014-04-01 20:16:19 ----SHD---- C:\WINDOWS\Installer
2014-04-01 20:15:54 ----RSD---- C:\WINDOWS\assembly
2014-04-01 20:15:02 ----RSD---- C:\WINDOWS\Fonts
2014-04-01 20:07:23 ----D---- C:\WINDOWS\WinSxS
2014-03-29 09:52:45 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2014-03-25 15704]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-09-11 35592]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2009-09-11 31752]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-09-11 66056]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
S1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-12-17 135648]
S1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-11-25 37352]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-03-25 607448]
S1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-03-25 29912]
S1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-09-11 110592]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-09-11 28520]
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-12-17 90400]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S2 psh_drv;Process Activity Acronis Monitor; C:\WINDOWS\system32\DRIVERS\psh_drv.sys [2009-05-05 98880]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Rodina\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-26 47360]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\TF1D091000SER.sys [2008-01-08 99968]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2005-09-27 16000]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-09-11 14984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-27 717296]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe []
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2014-03-13 440400]
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2014-03-13 440400]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-03-13 1017424]
S2 APNMCP;Ask Update Service; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-02-13 166352]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cmdAgent;COMODO Internet Security Helper Service; I:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-03-25 5302384]
S2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
S2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
S2 JavaQuickStarterService;Java Quick Starter; I:\Program Files\Java\bin\jqs.exe [2013-09-13 182696]
S2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
S2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12 257928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 cmdvirth;COMODO Virtual Service Manager; I:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Installer Service;Installer Service; C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [2011-02-13 119296]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-10 119408]
S3 NBService;NBService; I:\Program Files\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2014.04.16.10

Windows XP Service Pack 3 x86 NTFS (Nouzový režim)
Internet Explorer 8.0.6001.18702
Rodina :: HOME-45D1BD29E6 [administrátor]

28.4.2014 17:22:32
mbam-log-2014-04-28 (17-22-32).txt

Typ: Kompletní kontrola (C:\|D:\|I:\|O:\|P:\|Q:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM | P2P
Nastavení kontroly zakázáno:
Kontrolované objekty: 351776
Uplynulý čas: 36 minut, 36 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: Missing icons

Posted: 28 Apr 2014 18:41
by Rudy
Hello!
Right-click the desktop > show icons.

Re: Missing icons

Posted: 28 Apr 2014 18:45
by Albi1
As I wrote at the start, it does not respond. Only Task Manager can be brought up, nothing else.
By the way, I'm writing from another computer.

Re: Missing icons

Posted: 28 Apr 2014 18:55
by Rudy
OK. From safe mode, run a System Restore to a date when it was working correctly.

Re: Missing icons

Posted: 28 Apr 2014 18:58
by Albi1
I tried that too, but it can't be done - System Restore is turned off, so there are no restore points either. That was based on advice from last time.

Re: Missing icons

Posted: 28 Apr 2014 19:54
by Rudy
Post a ComboFix log:

Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Feel free to put on some coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to run any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Warning: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: Missing icons

Posted: 28 Apr 2014 20:32
by Albi1
Here is the log from ComboFix:

ComboFix 14-04-26.01 - Rodina 28.04.2014 21:18:46.11.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2638 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rodina\System
c:\documents and settings\Rodina\System\win_qs8.jqx
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp7D.tmp
c:\windows\system32\tmp7E.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-28 do 2014-04-28 )))))))))))))))))))))))))))))))
.
.
2014-04-07 19:43 . 2014-04-07 22:35 1732 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-04-07 15:05 . 2014-04-07 15:05 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Comodo
2014-04-07 15:03 . 2014-04-07 15:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2014-04-07 15:03 . 2014-04-07 15:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Shared Space
2014-04-07 15:03 . 2014-03-25 19:22 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-04-07 15:03 . 2014-03-25 19:22 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-25 19:22 . 2010-03-23 16:40 607448 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-03-25 19:22 . 2010-03-03 15:54 104792 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-03-25 19:22 . 2010-03-03 15:54 29912 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-03-25 19:22 . 2010-03-03 15:54 15704 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-03-25 19:22 . 2013-07-04 10:10 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2010-03-03 15:54 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-12 12:16 . 2012-04-14 06:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 12:16 . 2011-05-17 17:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-26 23:28 . 2014-03-27 17:19 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2004-08-17 13:44 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-17 13:49 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-02-13 05:22 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"COMODO Internet Security"="i:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-13 689744]
.
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\
MagicDisc.lnk - i:\program files\MagicDisc\MagicDisc.exe [2010-12-14 576000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start
"Shield"=i:\program files\Acronis\PrivacyExpert\Shield.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Rodina\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"Zoner Photo Studio Autoupdate"=i:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ai Gear Help"="i:\program files\ASUS\AI Gear\GearHelp.exe"
"AsusStartupHelp"=c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"GameFace Messenger"=c:\program files\GameFace Messenger\GameFace.exe
"Launch Ai Booster"="i:\program files\ASUS\AI Booster\OverClk.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"COMODO Internet Security"="i:\program files\Comodo\COMODO Internet Security\cfp.exe" -h
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"CanonQuickMenu"=c:\program files\Canon\Quick Menu\CNQMMAIN.EXE /logon
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3.3.2010 17:54 15704]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11.9.2013 20:08 37352]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23.3.2010 18:40 607448]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3.3.2010 17:54 29912]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.9.2013 20:08 440400]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11.9.2013 20:08 1017424]
S2 APNMCP;Ask Update Service;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [13.2.2014 7:22 166352]
S2 psh_drv;Process Activity Acronis Monitor;c:\windows\system32\drivers\psh_drv.sys [5.5.2009 22:10 98880]
S3 cmdvirth;COMODO Virtual Service Manager;i:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [7.4.2014 17:03 1663192]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Installer Service;Installer Service;c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [13.2.2011 20:25 119296]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26.12.2009 0:37 47360]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication;c:\windows\system32\drivers\TF1D091000SER.sys [14.10.2009 20:03 99968]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.4.2009 21:31 717296]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 12:16]
.
2014-04-24 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
2014-04-10 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
2014-04-15 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
2014-04-15 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: &Download by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - i:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\1p45988m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2010-04-19 20:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-GameFace_Messenger - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-28 21:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-1004336348-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:d5,ea,9a,bb,36,c6,6a,c6,95,8c,e1,21,99,12,ca,6e,28,3f,f6,c6,88,
ab,52,7c,35,53,00,29,5f,bf,2b,42,14,df,e9,5c,cc,b3,4d,84,fd,87,f8,e3,b7,42,\
"rkeysecu"=hex:e7,25,45,89,43,35,f4,27,ac,70,20,47,98,06,8c,b8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(544)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2014-04-28 21:24:07
ComboFix-quarantined-files.txt 2014-04-28 19:24
.
Před spuštěním: 3 252 183 040
Po spuštění: 3 252 211 712
.
- - End Of File - - DAC98589AD137AE50CCF033F6B40B1A2
413FC2A0C716421B3158746D63736515

Re: Lost icons

Posted: 28 Apr 2014 20:42
by Rudy
Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\AskPartnerNetwork

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"=-
[-HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UserFaultCheck"=-

Regnull::
[HKEY_USERS\S-1-5-21-839522115-1004336348-682003330-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Configurations]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Data]
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Options]
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Cam]
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Firewall Pro]

Reboot::
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

There are 2 antivirus programs on the PC: Avira and the antivirus from the Comodo suite. Disable or uninstall one of them.

Re: Lost icons

Posted: 28 Apr 2014 21:09
by Albi1
ComboFix log here:

ComboFix 14-04-26.01 - Rodina 28.04.2014 21:50:38.12.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2629 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Rodina\Plocha\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskPartnerNetwork
c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\APNSetup.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1031.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1033.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1034.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1036.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1040.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1041.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1043.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1045.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\1049.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\2070.mst
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.0_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.10.3_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.2.2_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\AskToolbarInstaller-12.6.0_AVIRA-V7.msi
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\content.zip
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\vntldr.exe
c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7\Source\program files\VNT\vntsrv.dll
c:\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\AVIRA-V7\config.xml
c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APNMCP
-------\Legacy_APNMCP
-------\Service_APNMCP
-------\Service_APNMCP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-28 do 2014-04-28 )))))))))))))))))))))))))))))))
.
.
2014-04-07 19:43 . 2014-04-07 22:35 1732 ----a-w- c:\windows\system32\drivers\fvstore.dat
2014-04-07 15:05 . 2014-04-07 15:05 -------- d-----w- c:\documents and settings\Rodina\Data aplikací\Comodo
2014-04-07 15:03 . 2014-04-07 15:04 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2014-04-07 15:03 . 2014-04-07 15:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Shared Space
2014-04-07 15:03 . 2014-03-25 19:22 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
2014-04-07 15:03 . 2014-03-25 19:22 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-25 19:22 . 2010-03-23 16:40 607448 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2014-03-25 19:22 . 2010-03-03 15:54 104792 ----a-w- c:\windows\system32\drivers\inspect.sys
2014-03-25 19:22 . 2010-03-03 15:54 29912 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2014-03-25 19:22 . 2010-03-03 15:54 15704 ----a-w- c:\windows\system32\drivers\cmderd.sys
2014-03-25 19:22 . 2013-07-04 10:10 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2014-03-25 19:22 . 2010-03-03 15:54 363504 ----a-w- c:\windows\system32\guard32.dll
2014-03-12 12:16 . 2012-04-14 06:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 12:16 . 2011-05-17 17:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-26 23:28 . 2014-03-27 17:19 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-07 06:36 . 2004-08-17 13:44 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2004-08-17 13:49 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="i:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"COMODO Internet Security"="i:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-13 689744]
.
c:\documents and settings\Rodina\Nabídka Start\Programy\Po spuštění\
MagicDisc.lnk - i:\program files\MagicDisc\MagicDisc.exe [2010-12-14 576000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start
"Shield"=i:\program files\Acronis\PrivacyExpert\Shield.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Rodina\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"Zoner Photo Studio Autoupdate"=i:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ai Gear Help"="i:\program files\ASUS\AI Gear\GearHelp.exe"
"AsusStartupHelp"=c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"GameFace Messenger"=c:\program files\GameFace Messenger\GameFace.exe
"Launch Ai Booster"="i:\program files\ASUS\AI Booster\OverClk.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"COMODO Internet Security"="i:\program files\Comodo\COMODO Internet Security\cfp.exe" -h
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"CanonQuickMenu"=c:\program files\Canon\Quick Menu\CNQMMAIN.EXE /logon
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11.9.2013 20:08 37352]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [3.3.2010 17:54 15704]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [23.3.2010 18:40 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3.3.2010 17:54 29912]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11.9.2013 20:08 440400]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11.9.2013 20:08 1017424]
R2 psh_drv;Process Activity Acronis Monitor;c:\windows\system32\drivers\psh_drv.sys [5.5.2009 22:10 98880]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26.12.2009 0:37 47360]
S3 cmdvirth;COMODO Virtual Service Manager;i:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [7.4.2014 17:03 1663192]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Installer Service;Installer Service;c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [13.2.2011 20:25 119296]
S3 TF1D091000SER;TF1D091000SER USB Device for Legacy Serial Communication;c:\windows\system32\drivers\TF1D091000SER.sys [14.10.2009 20:03 99968]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.4.2009 21:31 717296]
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 12:16]
.
2014-04-24 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
2014-04-10 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
2014-04-15 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
2014-04-15 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- i:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2010-03-23 13:19]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: &Download by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - i:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - i:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Rodina\Data aplikací\Mozilla\Firefox\Profiles\1p45988m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2010-04-19 20:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-28 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\Comodo\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
c:\windows\system32\nvappfilter.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(980)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ATKKBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
i:\program files\Java\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Celkový čas: 2014-04-28 22:00:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-28 20:00
ComboFix2.txt 2014-04-28 19:24
.
Před spuštěním: 3 155 374 080
Po spuštění: 2 898 026 496
.
- - End Of File - - 7DF6FD27398EE49D97C768714052D6C0
413FC2A0C716421B3158746D63736515


I use Avira as my antivirus and Comodo as a firewall.

Re: Lost icons

Posted: 28 Apr 2014 21:11
by Rudy
ComboFix doesn't think so:
ComboFix 14-04-26.01 - Rodina 28.04.2014 21:18:46.11.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2638 [GMT 2:00]
Spuštěný z: c:\documents and settings\Rodina\Plocha\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
Otherwise everything has been deleted. Uninstall CF using T-Cleaner: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe .

Re: Lost icons

Posted: 28 Apr 2014 21:45
by Albi1
Well, I'm writing from the "non-working" PC again. Uninstalling CF helped. However, I want to keep it as a FW, since I heard somewhere that it is better than WinFire. But I'm certainly open to advice...

Re: Lost icons

Posted: 29 Apr 2014 08:15
by Rudy
All right, keep it as a FW, but if possible turn the antivirus off. It is possible, though, that CF considers the AV to be enabled when it actually isn't. Using 2 or more AVs (FW, AS) with a resident shield on one system is not advisable, as it can cause a software conflict.

Re: Lost icons

Posted: 29 Apr 2014 20:23
by Albi1
I had this configuration for quite a long time. The antivirus turned itself on after one of the updates. Comodo is now installed again, but only the FW. Before that it was installed as Internet Security. Sometimes less is more.

Re: Lost icons

Posted: 29 Apr 2014 20:29
by Rudy
In this case, definitely.

Re: Lost icons

Posted: 29 Apr 2014 20:31
by Albi1
Anyway, thank you for solving the problem and for your help. Have a nice evening.