prosím o kontrolu pc se nechce vypnout

[mafian]

ComboFix 09-07-11.02 - 123456 12.07.2009 19:04.5.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2650 [GMT 2:00]
Spuštěný z: c:\documents and settings\123456\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\123456\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090711-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\windows\system32\GVTunner.ref"
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-06-12 do 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-11 17:18 . 2009-07-11 17:18 -------- d-----w- c:\windows\Sun
2009-07-10 09:40 . 2009-07-10 09:40 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-10 09:40 . 2009-07-10 09:40 -------- d-----w- c:\program files\DoubleD
2009-07-08 18:16 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-08 18:16 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-08 18:16 . 2009-07-08 18:16 -------- d-----w- c:\program files\iPod
2009-07-08 18:16 . 2009-07-08 18:16 -------- d-----w- c:\program files\iTunes
2009-07-08 18:15 . 2009-07-08 18:15 -------- d-----w- c:\program files\Bonjour
2009-07-08 18:15 . 2009-07-08 18:15 -------- d-----w- c:\program files\QuickTime
2009-07-08 18:14 . 2009-07-08 18:15 -------- d-----w- c:\program files\Apple Software Update
2009-07-08 18:14 . 2009-07-08 18:16 -------- d-----w- c:\program files\Common Files\Apple
2009-07-04 07:03 . 2009-07-04 07:03 -------- d-----w- C:\ProgramData
2009-07-03 21:44 . 2009-07-03 21:44 -------- d-----w- c:\program files\Electronic Arts
2009-07-03 21:44 . 2008-09-04 18:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-07-03 21:44 . 2009-07-03 21:44 -------- d-----w- c:\program files\Microsoft WSE
2009-07-03 21:28 . 2009-07-04 07:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-03 21:26 . 2009-07-03 21:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-02 08:21 . 2009-07-02 08:21 -------- d-----w- c:\windows\system32\oodag
2009-07-02 07:32 . 2009-07-02 07:32 -------- d-----w- c:\program files\OO Software
2009-06-30 19:31 . 2009-06-30 19:33 -------- dc-h--w- c:\windows\ie8
2009-06-22 08:48 . 2009-06-22 08:53 -------- d-----w- c:\program files\PDF Editor 2
2009-06-22 08:48 . 2009-06-22 08:48 87552 ----a-w- c:\windows\cadkasdeinst01.exe
2009-06-18 17:47 . 2009-06-18 17:47 -------- d-----w- c:\program files\Haali

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 15:55 . 2009-03-21 17:32 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-07-12 15:55 . 2009-03-21 16:44 16608 ----a-w- c:\windows\gdrv.sys
2009-07-03 21:39 . 2009-03-21 15:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 09:27 . 2009-04-06 15:04 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-04-06 15:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 09:41 . 2009-06-12 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 11:19 . 2009-06-10 10:54 -------- d-----w- c:\program files\legis
2009-06-09 08:41 . 2009-06-09 08:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-01 19:49 . 2009-06-01 19:49 15832 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-27 16:59 . 2009-05-27 16:59 -------- d-----w- c:\program files\SimBin
2009-05-13 05:05 . 2001-10-25 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2001-10-25 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-24 10:47 . 2001-10-25 12:00 77984 ----a-w- c:\windows\system32\perfc005.dat
2009-04-24 10:47 . 2001-10-25 12:00 429078 ----a-w- c:\windows\system32\perfh005.dat
2009-04-19 19:52 . 2001-10-25 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\UC.PIF
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\RAR.PIF
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\PKZIP.PIF
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\LHA.PIF
2009-04-16 05:50 . 2009-05-08 17:50 545 ----a-w- c:\windows\ARJ.PIF
2009-04-15 14:54 . 2001-10-25 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-12_13.32.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 15:54 . 2009-07-12 15:54 16384 c:\windows\Temp\Perflib_Perfdata_94.dat
+ 2009-07-12 15:55 . 2009-07-12 15:55 16384 c:\windows\Temp\Perflib_Perfdata_41c.dat
+ 2009-07-12 15:55 . 2009-07-12 15:55 16384 c:\windows\Temp\Perflib_Perfdata_31c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SmileyApp"="c:\program files\DoubleD\JuicyAccess Toolbar\4.1.0.17730\stbapp.exe" [2009-06-26 598296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"DT Task"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2006-04-21 280576]
"WinampAgent"="h:\winamp\winampa.exe" [2009-04-21 37888]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\123456\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.3.2009 15:16 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [22.3.2009 15:36 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 5:54 66600]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 22:03 660768]
R2 Aladdin SQL Server;Aladdin SQL Server;c:\program files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [20.4.2009 10:16 135680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.3.2009 15:16 20560]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [21.3.2009 18:45 68136]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 8:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 8:24 1365288]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [3.4.2009 17:54 93184]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [22.3.2009 15:36 65576]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22.3.2009 16:40 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22.3.2009 16:40 3072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6.4.2009 17:04 38160]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [28.3.2009 14:59 23600]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CSISCANNER
*NewlyCreated* - GVTDRV
*Deregistered* - CSIScanner

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.lide.cz/" onclick="window.open(this.href);return false;
uInternet Settings,ProxyOverride = *.local
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab" onclick="window.open(this.href);return false;
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2009-07-12 19:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?O?\11???\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\install pack\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5284)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2009-07-12 19:12
ComboFix-quarantined-files.txt 2009-07-12 17:12
ComboFix2.txt 2009-07-12 15:58
ComboFix3.txt 2009-07-12 13:35

Před spuštěním: Volných bajtů: 114 691 497 984
Po spuštění: Volných bajtů: 114 691 452 928

171 --- E O F --- 2009-07-01 05:47


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:32, on 12.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
H:\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
I:\disk c\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
H:\ICQ6.5\ICQ.exe
H:\VideoGet\VideoGet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lide.cz/" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WinampAgent] H:\Winamp\winampa.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab" onclick="window.open(this.href);return false;
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\disk c\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8716 bytes

[Damned]

Vypínání a hlášky?????

Logy jsou již v pořádku.

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Pokud se hlášky neopakují tak označ topic za vyřešený (zelená fajfka) a měj se.
Kdyby něco, tak se zastav.

[mafian]

Tak ted se docílilo toho že se nechce vůbec vypnou pořád běží už ani ta hláška při vypínání.

[Damned]

Tak smaž z boot.ini Konzolu pro zotavení (Nástroje--> Možnosti složky-->Zobrazit skryté i systémové soubory a složky.):

V kořenovém adresáři (C:)klepněte pravým tlačítkem myši na soubor Boot.ini a potom klepněte na příkaz Vlastnosti.
Zrušte zaškrtnutí políčka Jen pro čtení a klepněte na tlačítko OK.
Otevřete soubor Boot.ini v programu Poznámkový blok a odstraňte položku konzoly pro zotavení. Položka bude vypadat podobně jako tento řádek:
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

Uložte a zavřete soubor.
Upozornění

Nesprávné změny souboru Boot.ini mohou zabránit restartování počítače. Přesvědčte se, že jste odstranili pouze položku konzoly pro zotavení.
Poznámky

Složku Tento počítač otevřete klepnutím na tlačítko Start a na příkaz Tento počítač.
Po dokončení tohoto postupu doporučujeme změnit atribut souboru Boot.ini zpět na hodnotu Jen pro čtení. Pravděpodobně budete také chtít znovu skrýt systémové soubory.

Soubor boot.ini bude pak vypadat podobně (já mám XP Home) (obsah) (timeout může být do 30):

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer