Problem with frequent PC freezes


#1 Post by HYPO »

Hello, I have a problem with my PC freezing frequently, after which I have to restart it. This happens in any situation, whether the PC is under load (games) or idle (sleep mode). Please advise what could be causing it. Thanks in advance.


#2 Post by stell »

Hello,

Download RSIT and paste the logs here.


#3 Post by HYPO »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kuba at 2010-01-01 20:46:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 127 GB (42%) free of 305 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:54, on 1.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Kuba\Plocha\RSIT.exe
C:\Program Files\trend micro\Kuba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9038 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-23 155648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-02-13 564496]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-02-13 2196240]
"LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2008-08-21 267296]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-29 171464]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-12-24 1217808]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Documents and Settings\Kuba\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\DVDFab 5\DVDFab.exe"="C:\Program Files\DVDFab 5\DVDFab.exe:*:Enabled:DVDFab"
"C:\Program Files\Doom 3\Doom3.exe"="C:\Program Files\Doom 3\Doom3.exe:*:Enabled:DOOM 3"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\Atari\The Chronicles of Riddick - Assault on Dark Athena\System\Win32_x86\DarkAthena.exe"="C:\Program Files\Atari\The Chronicles of Riddick - Assault on Dark Athena\System\Win32_x86\DarkAthena.exe:*:Enabled:The Chronicles of Riddick - Assault on Dark Athena"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63cf168a-3a53-11de-95a7-001bfcdb170b}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2010-01-01 20:46:23 ----D---- C:\rsit
2010-01-01 20:46:23 ----D---- C:\Program Files\trend micro
2009-12-30 16:33:27 ----SHD---- C:\Config.Msi
2009-12-24 19:59:40 ----D---- C:\Program Files\Steam
2009-12-24 19:59:02 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-24 19:59:02 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-24 19:59:01 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-24 19:59:01 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-24 19:59:01 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-24 19:59:00 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-24 19:59:00 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-24 19:58:59 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-24 19:58:59 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-24 19:58:59 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-24 19:58:58 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-24 19:58:58 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-24 19:58:58 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-24 19:58:58 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-24 19:58:57 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-24 19:58:57 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-24 19:58:57 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-24 19:58:56 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-24 19:58:56 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-24 19:58:56 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-24 19:58:55 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-24 19:58:55 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-24 19:58:55 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-24 19:58:54 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-24 19:58:54 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-24 19:58:54 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-24 19:58:54 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-11 10:40:10 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-11 10:40:10 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-11 10:40:10 ----A---- C:\WINDOWS\system32\java.exe
2009-12-09 16:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 16:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 16:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 16:45:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 16:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-09 14:49:55 ----D---- C:\Documents and Settings\Kuba\Data aplikací\.purple
2009-12-02 18:10:04 ----A---- C:\WINDOWS\system32\OpenCL.dll
2009-12-02 18:10:02 ----A---- C:\WINDOWS\system32\nvcompiler.dll

======List of files/folders modified in the last 1 months======

2010-01-01 20:46:23 ----RD---- C:\Program Files
2010-01-01 20:46:13 ----D---- C:\WINDOWS\Prefetch
2010-01-01 20:17:06 ----D---- C:\Documents and Settings\Kuba\Data aplikací\Skype
2010-01-01 20:16:09 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-01 20:12:48 ----D---- C:\WINDOWS\Temp
2010-01-01 20:11:06 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 18:47:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-01 16:15:23 ----D---- C:\Documents and Settings\Kuba\Data aplikací\skypePM
2010-01-01 16:13:19 ----D---- C:\Documents and Settings\Kuba\Data aplikací\ICQ
2010-01-01 00:44:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-30 16:35:29 ----D---- C:\WINDOWS
2009-12-30 16:33:41 ----SHD---- C:\WINDOWS\Installer
2009-12-30 16:33:31 ----D---- C:\WINDOWS\system32
2009-12-30 16:33:28 ----D---- C:\WINDOWS\Help
2009-12-30 16:32:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-30 16:32:12 ----D---- C:\WINDOWS\system32\drivers
2009-12-30 16:32:07 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-29 17:29:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 21:57:53 ----D---- C:\Program Files\ICQ6.5
2009-12-27 18:50:07 ----SD---- C:\Documents and Settings\Kuba\Data aplikací\Microsoft
2009-12-24 19:59:04 ----D---- C:\WINDOWS\system32\DirectX
2009-12-24 19:59:02 ----HD---- C:\WINDOWS\inf
2009-12-24 19:58:38 ----RSD---- C:\WINDOWS\assembly
2009-12-11 10:40:08 ----D---- C:\Program Files\Java
2009-12-11 10:39:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 16:46:09 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 16:46:00 ----D---- C:\Program Files\Internet Explorer
2009-12-09 16:45:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-02 18:11:41 ----D---- C:\Program Files\NVIDIA Corporation

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-04 279712]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-09 56816]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-04 25888]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-02-05 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-06 628760]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2008-02-06 41752]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-02-06 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-02-06 2570520]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 acolg1lz;acolg1lz; C:\WINDOWS\system32\drivers\acolg1lz.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2009-04-23 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2009-04-23 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2009-04-23 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2009-04-23 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2009-04-23 83344]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2008-02-05 689176]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2005-10-21 13396]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-02-05 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-02-05 150040]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-01 189184]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-02-05 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#4 Post by stell »

Download and run StartUpLite - http://www.malwarebytes.org/StartUpLite.exe
- The program lists unnecessary programs that launch at Windows startup
- To stop these programs from launching, tick Disable on the relevant rows and click Continue

Clean unneeded files from the computer, then clean and optimize the registry:

Download and install CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- Right-click the Recycle Bin > Run CCleaner, then wait for the cleaning to finish
- Right-click the Recycle Bin > Open CCleaner, go to the Windows tab, press Analyze and then Run Cleaner
- Click the Applications tab, press Analyze and then Run Cleaner
- Click Registry, press Scan for Issues; when the scan finishes, click Fix selected issues,
- choose Yes to create a backup, save the offered file and click Fix All Selected Issues

Start-spustit-napis cleanmgr ok>>dalsie moznosti-obnova systemu-vycistit,,ok,,ok

Start-spustit-napis cleanmgr,,ok,ok,zafajkni
Temporary Internet Files
kos
Temporary Files
vycistit,ok
Click OK,Yes

Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart



Stáhni si a rozbal tento program do vlastní složky/adresáře: HostsXpert
http://www.funkytoad.com/download/HostsXpert.zip
- pak klikni na tlačítko Restore MS Hosts File
- vyskočí ti hláška na potvrzení, klikni na OK
- pokud by ti program vyhodil chybovou hlášku: ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts
tak klikni tlačítko Make Writeable? a pak teprve klikni na tlačítko Restore MS Hosts File
- po proběhnutí pak klikni na tlačítko Make ReadOnly?
- ukončí program a restartuj Pc

PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Download to the desktop, close all active windows and run:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Agree to the installation of the Recovery Console.


- ComboFix must be run under an account with administrator rights.
- After launch the terms of use are displayed; confirm them by clicking Yes;

And once more >YES<

- Then follow the instructions; while ComboFix is running, do not click into the blue window it displays

- After the scan finishes, which takes at most 10-15 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents into your thread on the forum
- Before using ComboFix, all resident security programs must be turned off - antivirus, firewalls, antispyware. GUIDE: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix, which may cause it not to work correctly.

If an antivirus detects ComboFix, it is a false alarm.

Download the special version of G-Mer
Special
Save it to the desktop >>
Disconnect from the internet and close all open programs,
temporarily disable any real-time active protection,
and run it; a short scan will run.
If you get a message about rootkit activity that asks if you want to run a scan >> click NO <<
and set it up like this
[image]

>> click Scan <<
At the end of the scan >>SAVE<<, name it mojlog.txt, save it to the desktop and paste the log here.


If you get no message, leave everything ticked and click SCAN; after the scan >>SAVE<< and paste the log here.

#5 Post by HYPO »

So yesterday I did what I could, but even though the scan in GMER ran, SAVE never worked even once; each time the program froze and stopped responding, and I had to restart. The first log from ComboFix was OK.

ComboFix 09-12-31.A1 - Kuba 01.01.2010 22:08:45.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1569 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kuba\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-01 do 2010-01-01 )))))))))))))))))))))))))))))))
.

2010-01-01 20:09 . 2010-01-01 20:09 -------- d-----w- c:\program files\CCleaner
2010-01-01 19:46 . 2010-01-01 19:46 -------- d-----w- C:\rsit
2010-01-01 19:46 . 2010-01-01 19:46 -------- d-----w- c:\program files\trend micro
2009-12-24 18:59 . 2010-01-01 21:14 -------- d-----w- c:\program files\Steam
2009-12-24 18:59 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-24 18:59 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-12-24 18:59 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-12-24 18:59 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-12-24 18:59 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-12-24 18:59 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-12-24 18:59 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 21:12 . 2009-04-11 07:59 -------- d-----w- c:\program files\ICQ6.5
2010-01-01 19:16 . 2009-04-18 10:36 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-01 19:12 . 2009-07-16 16:20 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-11 09:40 . 2009-05-18 05:56 -------- d-----w- c:\program files\Java
2009-12-11 09:39 . 2008-04-14 12:00 82642 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 09:39 . 2008-04-14 12:00 437336 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 17:34 . 2009-04-10 14:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-02 17:11 . 2009-08-05 19:20 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-23 16:39 . 2009-11-23 16:39 -------- d-----w- c:\program files\MyPlayCity.com
2009-11-20 19:32 . 2009-11-20 19:32 278120 ----a-w- c:\windows\system32\nvmccs.dll
2009-11-20 19:32 . 2009-11-20 19:32 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2009-11-20 19:32 . 2009-11-20 19:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
2009-11-20 19:32 . 2009-11-20 19:32 12669544 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:32 . 2009-11-20 19:32 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-20 19:32 . 2009-11-20 19:32 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-11-19 20:42 . 2009-04-10 14:23 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-16 19:17 . 2009-04-26 18:31 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-16 19:13 . 2009-07-04 15:14 -------- d-----w- c:\program files\Ubisoft
2009-11-16 19:13 . 2009-04-10 14:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 21:14 . 2009-04-16 17:39 -------- d-----r- c:\program files\Skype
2009-11-13 21:14 . 2009-11-13 21:14 -------- d-----w- c:\program files\Common Files\Skype
2009-10-29 07:43 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2008-04-14 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-14 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-05-18 05:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 17:57 . 2009-07-30 19:39 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-04 17:57 . 2009-07-30 19:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-01_20.40.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 21:13 . 2010-01-01 21:13 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"Steam"="c:\program files\Steam\Steam.exe" [2009-12-24 1217808]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-19 385024]

c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-19 385024]

c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-19 385024]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-7-26 66864]

c:\documents and settings\Kuba\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-5-19 385024]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\DVDFab 5\\DVDFab.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Atari\\The Chronicles of Riddick - Assault on Dark Athena\\System\\Win32_x86\\DarkAthena.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.4.2009 18:55 685816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.10.2009 22:27 108289]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13.11.2009 12:31 92008]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [10.4.2009 15:09 38656]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [23.4.2009 20:35 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [23.4.2009 20:35 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [23.4.2009 20:35 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [23.4.2009 20:35 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [23.4.2009 20:35 83344]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
mLocal Page =
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Kuba\Data aplikací\Mozilla\Firefox\Profiles\dd4yrdit.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 22:14
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x89DFE8AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28
\Driver\ACPI -> ACPI.sys @ 0xb7e7dcb8
\Driver\atapi -> atapi.sys @ 0xb7e12b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d1bbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d0aa0d
SendHandler -> NDIS.sys @ 0xb7d1eb40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-527237240-1801674531-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:78,42,57,1d,4a,e6,dc,09,0b,53,33,31,5c,23,b0,18,86,ca,f5,fd,61,
f1,83,2b,28,1e,5b,57,03,f1,2d,c3,da,42,d4,6f,d9,ac,4b,45,25,2a,c6,05,ba,e1,\
"rkeysecu"=hex:eb,80,f5,68,49,ea,6c,27,e6,c9,f2,70,b9,85,5c,96
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(8424)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Celkový čas: 2010-01-01 22:17:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-01 21:17
ComboFix2.txt 2010-01-01 20:43

Před spuštěním: Volných bajtů: 142 294 818 816
Po spuštění: Volných bajtů: 142 252 347 392

- - End Of File - - 2E63E2ED9305D780CA0BD0DA430C112E

#6 Post by HYPO »

From GMER I only managed to copy some kind of report.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 01:31:42
Windows 5.1.2600 Service Pack 3
Running: rpprgs5k.exe; Driver: C:\DOCUME~1\Kuba\LOCALS~1\Temp\kxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT B63CD15E ZwCreateKey
SSDT B63CD154 ZwCreateThread
SSDT B63CD163 ZwDeleteKey
SSDT B63CD16D ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]
SSDT B63CD172 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
SSDT B63CD140 ZwOpenProcess
SSDT B63CD145 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB7EC4418]
SSDT sptd.sys ZwQueryValueKey [0xB7EC4298]
SSDT B63CD17C ZwReplaceKey
SSDT B63CD177 ZwRestoreKey
SSDT B63CD168 ZwSetValueKey
SSDT B63CD14F ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E4C1E8
Device \Driver\usbuhci \Device\USBPDO-0 89B531E8
Device \Driver\usbuhci \Device\USBPDO-1 89B531E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E4E1E8
Device \Driver\dmio \Device\DmControl\DmConfig 89E4E1E8
Device \Driver\dmio \Device\DmControl\DmPnP 89E4E1E8
Device \Driver\dmio \Device\DmControl\DmInfo 89E4E1E8
Device \Driver\usbuhci \Device\USBPDO-2 89B531E8
Device \Driver\PCI_NTPNP7460 \Device\00000047 sptd.sys
Device \Driver\usbehci \Device\USBPDO-3 89BF6410
Device \Driver\usbuhci \Device\USBPDO-4 89B531E8
Device \Driver\usbuhci \Device\USBPDO-5 89B531E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8BCAA60-0A10-40AD-9FC5-77964D4F3408} 897F5790
Device \Driver\usbuhci \Device\USBPDO-6 89B531E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DDE1E8
Device \Driver\usbehci \Device\USBPDO-7 89BF6410
Device \Driver\Cdrom \Device\CdRom0 89B3E790
Device \Driver\Cdrom \Device\CdRom1 89B3E790
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 897F5790
Device \Driver\NetBT \Device\NetbiosSmb 897F5790
Device \Driver\usbuhci \Device\USBFDO-0 89B531E8
Device \Driver\usbuhci \Device\USBFDO-1 89B531E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A561E8
Device \Driver\usbuhci \Device\USBFDO-2 89B531E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A561E8
Device \Driver\usbehci \Device\USBFDO-3 89BF6410
Device \Driver\Ftdisk \Device\FtControl 89DDE1E8
Device \Driver\usbuhci \Device\USBFDO-4 89B531E8
Device \Driver\usbuhci \Device\USBFDO-5 89B531E8
Device \Driver\usbuhci \Device\USBFDO-6 89B531E8
Device \Driver\usbehci \Device\USBFDO-7 89BF6410
Device \Driver\ax9hui1t \Device\Scsi\ax9hui1t1 89B01790
Device \Driver\JRAID \Device\Scsi\JRAID1 89E4D1E8
Device \Driver\ax9hui1t \Device\Scsi\ax9hui1t1Port5Path0Target0Lun0 89B01790
Device \FileSystem\Cdfs \Cdfs 896CA790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6F 0x00 0xC3 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0x6C 0x9E 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0x7E 0x3A 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6F 0x00 0xC3 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0x6C 0x9E 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x33 0x7E 0x3A 0x4E ...

---- EOF - GMER 1.0.15 ----

#7 Post by stell »

Download to the desktop > Download > run it > paste in the green text and click Look; paste the log here.

Code:

:filefind
atapi.sys

#8 Post by HYPO »

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 11:48 on 02/01/2010 by Kuba (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [20:43 01/01/2010] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [12:00 14/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [12:00 14/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys --a--- 96512 bytes [14:00 10/04/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys --a--- 96512 bytes [14:00 10/04/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys --a--- 96512 bytes [14:00 10/04/2009] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-
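
The SystemLook listing in post #8, checked programmatically: this is an added example (not part of the thread and not SystemLook's own code) that parses `filefind` result lines and compares every copy of a driver with the active one by size and MD5. The function names and the second, tampered listing are constructed for illustration; the first listing is copied from the log above.

```python
import re

# One SystemLook "filefind" result line, as it appears in the log above:
#   <path> <6 attribute flags> <size> bytes [<created>] [<modified>] <MD5>
RESULT_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# The copy Windows actually loads; the others are caches and backups.
ACTIVE_DRIVER = r"C:\WINDOWS\system32\drivers\atapi.sys"

# Copied from the SystemLook log posted in the thread.
PAGE_LOG = r"""
Searching for "atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [20:43 01/01/2010] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [12:00 14/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [12:00 14/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys --a--- 96512 bytes [14:00 10/04/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys --a--- 96512 bytes [14:00 10/04/2009] [12:00 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys --a--- 96512 bytes [14:00 10/04/2009] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
"""

# Constructed sample: the active driver has a different size and a dummy hash.
CONSTRUCTED_LOG = r"""
Searching for "atapi.sys"
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [20:43 01/01/2010] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [12:00 14/04/2008] [22:10 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 97024 bytes [12:00 14/04/2008] [22:10 13/04/2008] 00000000000000000000000000000000
"""


def parse_filefind(text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = RESULT_LINE.match(raw.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def audit_copies(entries, active_path=ACTIVE_DRIVER):
    """Compare every listed copy with the active driver by (MD5, size)."""
    active = next(
        (e for e in entries if e["path"].lower() == active_path.lower()), None
    )
    if active is None:
        return {"status": "active-not-listed", "differs": []}
    differs = [
        e["path"]
        for e in entries
        if e is not active
        and (e["md5"], e["size"]) != (active["md5"], active["size"])
    ]
    return {
        "status": "mismatch" if differs else "consistent",
        "active_md5": active["md5"],
        "differs": differs,
    }


if __name__ == "__main__":
    for name, log in (("page log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        result = audit_copies(parse_filefind(log))
        print(name, "->", result["status"], result["differs"])
```

A consistent result shows only that the copies agree as read from the running system; comparing the active file with a known-good hash from clean media is the stronger check.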

#9 Post by stell »

Is the OS freezing problem still occurring?

#10 Post by HYPO »

Well, it hasn't frozen yet today, but I have no way to test it; do you think it's OK now?

#11 Post by stell »

Whether it's OK, I can't confirm that 100%,
but we deleted and repaired something, and the freezing can have other causes too, so let's do it like this:

Uninstall ComboFix - Start -> Run - ComboFix /Uninstall -> OK

Download >> OTC
Double-click OTC.exe.
Click the CleanUp! button.
A warning is displayed.
Choose Yes,
Start the cleanup process?
Choose Yes
If you are prompted to restart during the cleanup, choose Yes.
The tool deletes itself when it finishes; if not, remove it.

Then scan the PC with CureIt as described in the guide and we'll see.
DrWeb-CureIt
Download it to the desktop and don't run it yet,
restart into Safe Mode >> double-click and run it > click > NO > OK >
if a green window pops up, close it with the cross at the top right,
then start the scanner with the Start button [an express scan runs (this is a short scan of files currently running in memory, boot sectors, and targeted folders).]
If you are prompted to download the full Free Trial version, simply ignore it and click the X button to close the window.
If infected files are found during this short scan, click
"Select all" -> "Cure" -> "Cure > Move incurable".
(They will be in the folder C: \ Documents and Settings \ userprofile \ DoctorWeb \ Quarantine in case they cannot be cured.)
- In the top menu click "Options" -> "Change settings" and untick [clear] >> Heuristic analysis and Prompt for action -> "OK" > Apply <<. Return to the main menu, choose the complete scan there and click the green arrow on the right under the Dr. Web logo.
- When the scan is done, click "File" in the top menu and choose "Save...". Save the log to the desktop and paste it here. Don't forget to restart the PC.
Restart the computer, because files may only be moved / deleted on restart.
After the restart, open the contents of the Dr.Web.cvs log in Notepad and paste it here,
this scan can take a long time

#12 Post by HYPO »

Problem: I can't uninstall ComboFix, it keeps launching

#13 Post by stell »

It launches and then it uninstalls itself,

#14 Post by HYPO »

So after 4 hours the scan completed successfully, no virus was found, but nothing could be saved; the "save result" option was greyed out. So I restarted.

#15 Post by stell »

OK
In my opinion you're fine; if it didn't freeze during the scan, it won't freeze any more :)