Please check my HJT log. AVAST reported malware (Solved)
- jaro3
- Security team member
Re: Please check my HJT log. AVAST reported malware
What about ComboFix? If it won't run, try it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my HJT log. AVAST reported malware
Yeah, I haven't gotten around to it yet, it will probably happen today; I needed to do something for school on the PC.
Re: Please check my HJT log. AVAST reported malware
ComboFix 12-04-11.01 - doma 12.04.2012 14:01:41.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2345 [GMT 2:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\doma\WINDOWS
C:\nsuD17.tmp
c:\program files\ViOrb
c:\program files\ViOrb\Resources\Flag.png
c:\program files\ViOrb\StartHook.dll
c:\program files\ViOrb\ViOrb.exe
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp7E.tmp
c:\windows\system32\tmp7F.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-12 do 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 11:41 . 2012-04-12 11:41 8646 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-04-12 11:41 . 2012-04-12 11:41 6429 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-04-12 11:41 . 2012-04-12 11:41 63115 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-04-12 11:41 . 2012-04-12 11:41 4599 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-04-12 11:41 . 2012-04-12 11:41 9310 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-12 11:41 . 2012-04-12 11:41 8613 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-04-12 11:41 . 2012-04-12 11:41 5927 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-04-12 11:41 . 2012-04-12 11:41 1651 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-04-12 11:41 . 2012-04-12 11:41 8288 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-04-12 11:41 . 2012-04-12 11:41 6910 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-04-12 11:41 . 2012-04-12 11:41 6208 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-04-12 11:41 . 2012-04-12 11:41 18541 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-04-12 11:40 . 2012-04-12 11:40 51852 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-04-12 11:40 . 2012-04-12 11:40 20719 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-04-12 11:40 . 2012-04-12 11:40 8782 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-04-12 11:40 . 2012-04-12 11:40 7271 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-04-12 11:40 . 2012-04-12 11:40 23327 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\doma\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:11 . 2012-01-09 15:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-04-10 13:11 . 2012-01-09 15:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-04-10 13:11 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-04-10 13:11 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-04-10 12:09 . 2012-04-10 12:09 -------- d-----w- C:\found.000
2012-04-09 14:27 . 2012-04-09 14:27 -------- d-----w- C:\MineMovies
2012-04-07 09:07 . 2012-04-07 09:18 -------- d-----w- c:\program files\Core Temp
2012-04-05 17:16 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\doma\WebToolsWorkspace
2012-04-05 07:27 . 2012-04-05 07:27 -------- d-----w- c:\documents and settings\doma\Data aplikací\Need for Speed World
2012-04-05 06:29 . 2012-04-05 06:29 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\Electronic_Arts_Inc
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\program files\Electronic Arts
2012-04-03 17:39 . 2012-04-10 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-03-30 11:42 . 2012-04-09 09:25 -------- d-----w- c:\documents and settings\UpdatusUser\Data aplikací\VMware
2012-03-29 16:41 . 2012-03-29 16:44 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\BlueStacksSetup
2012-03-29 15:08 . 2012-03-29 15:28 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\VMware
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [6.1.2012 20:32 2911848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5.5.2011 16:12 21992]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1c99e1ca9ef1c24;Google Update Service (gupdate1c99e1ca9ef1c24);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S2 tvnserver;TightVNC Server;"c:\program files\TightVNC\tvnserver.exe" -service --> c:\program files\TightVNC\tvnserver.exe [?]
S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 GPPService;GPPService;"c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe" --> c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys --> c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 05:30]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 05:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - c:\program files\Seznam.cz\listicka.dll
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe
HKLM-Run-tvncontrol - c:\program files\TightVNC\tvnserver.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\Stardock\ObjectDockFree\ODMenu.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-Fraps - d:\program files\prog\uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Rainmeter - c:\program files\Rainmeter\uninst.exe
AddRemove-TightVNC - c:\program files\TightVNC\uninstall.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Wireshark - c:\program files\Wireshark\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
.
Celkový čas: 2012-04-12 14:09:04
ComboFix-quarantined-files.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 20 920 410 112
Po spuštění: Volných bajtů: 21 558 747 136
.
- - End Of File - - 4B0977B254A709637D01081A0D5A4270
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [6.1.2012 20:32 2911848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5.5.2011 16:12 21992]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys --> c:\windows\system32\DRIVERS\vmci.sys [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1c99e1ca9ef1c24;Google Update Service (gupdate1c99e1ca9ef1c24);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S2 tvnserver;TightVNC Server;"c:\program files\TightVNC\tvnserver.exe" -service --> c:\program files\TightVNC\tvnserver.exe [?]
S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 GPPService;GPPService;"c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe" --> c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys --> c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 05:30]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-06 05:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - c:\program files\Seznam.cz\listicka.dll
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe
HKLM-Run-tvncontrol - c:\program files\TightVNC\tvnserver.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\Stardock\ObjectDockFree\ODMenu.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BattlEye - c:\program files\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
AddRemove-Fraps - d:\program files\prog\uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Rainmeter - c:\program files\Rainmeter\uninst.exe
AddRemove-TightVNC - c:\program files\TightVNC\uninstall.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-Wireshark - c:\program files\Wireshark\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
.
Celkový čas: 2012-04-12 14:09:04
ComboFix-quarantined-files.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 20 920 410 112
Po spuštění: Volných bajtů: 21 558 747 136
.
- - End Of File - - 4B0977B254A709637D01081A0D5A4270
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
Re: Please check my HJT log. AVAST reported malware
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]
"ImagePath"=-
Driver::
sptd
cpuz135
ALSysIO
vmci
appdrvrem01
AODService
EagleXNt
GPPService
NVIDIAHWAccess
File::
c:\windows\system32\drivers\cpuz135_x32.sys
c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys
c:\windows\system32\DRIVERS\vmci.sys
c:\windows\System32\appdrvrem01.exe
c:\windows\system32\drivers\EagleXNt.sys
c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe
c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
DDS::
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.
Re: Please check my HJT log. AVAST reported malware
So here is another log, but I don't even want to see ComboFix any more; the whole computer is always messed up after it..
ComboFix 12-04-11.01 - doma 12.04.2012 19:51:29.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2308 [GMT 2:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys"
"c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys"
"c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe"
"c:\windows\System32\appdrvrem01.exe"
"c:\windows\system32\drivers\cpuz135_x32.sys"
"c:\windows\system32\drivers\EagleXNt.sys"
"c:\windows\system32\DRIVERS\vmci.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\appdrvrem01.exe
c:\windows\system32\drivers\cpuz135_x32.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Legacy_APPDRVREM01
-------\Legacy_CPUZ135
-------\Legacy_EAGLEXNT
-------\Legacy_GPPSERVICE
-------\Legacy_SPTD
-------\Service_ALSysIO
-------\Service_AODService
-------\Service_appdrvrem01
-------\Service_cpuz135
-------\Service_EagleXNt
-------\Service_GPPService
-------\Service_NVIDIAHWAccess
-------\Service_sptd
-------\Service_vmci
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-12 do 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\doma\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:11 . 2012-01-09 15:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-04-10 13:11 . 2012-01-09 15:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-04-10 13:11 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-04-10 13:11 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-04-10 12:09 . 2012-04-10 12:09 -------- d-----w- C:\found.000
2012-04-09 14:27 . 2012-04-09 14:27 -------- d-----w- C:\MineMovies
2012-04-07 09:07 . 2012-04-07 09:18 -------- d-----w- c:\program files\Core Temp
2012-04-05 17:16 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\doma\WebToolsWorkspace
2012-04-05 07:27 . 2012-04-05 07:27 -------- d-----w- c:\documents and settings\doma\Data aplikací\Need for Speed World
2012-04-05 06:29 . 2012-04-05 06:29 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\Electronic_Arts_Inc
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\program files\Electronic Arts
2012-04-03 17:39 . 2012-04-10 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-03-30 11:42 . 2012-04-09 09:25 -------- d-----w- c:\documents and settings\UpdatusUser\Data aplikací\VMware
2012-03-29 16:41 . 2012-03-29 16:44 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\BlueStacksSetup
2012-03-29 15:08 . 2012-03-29 15:28 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\VMware
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_12.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-12 17:58 . 2012-04-12 17:58 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [6.1.2012 20:32 2911848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1c99e1ca9ef1c24;Google Update Service (gupdate1c99e1ca9ef1c24);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S2 tvnserver;TightVNC Server;"c:\program files\TightVNC\tvnserver.exe" -service --> c:\program files\TightVNC\tvnserver.exe [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3880)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2012-04-12 20:03:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-12 18:02
ComboFix2.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 21 517 017 088
Po spuštění: Volných bajtů: 21 467 578 368
.
- - End Of File - - 5FEF9A396CE8774C8AD391C5F08E562B
ComboFix 12-04-11.01 - doma 12.04.2012 19:51:29.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2308 [GMT 2:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys"
"c:\documents and settings\doma\Data aplikací\NVIDIA\HWAccess.sys"
"c:\program files\GPPSoft\GPP Remote Server\GPP Remote Service.exe"
"c:\windows\System32\appdrvrem01.exe"
"c:\windows\system32\drivers\cpuz135_x32.sys"
"c:\windows\system32\drivers\EagleXNt.sys"
"c:\windows\system32\DRIVERS\vmci.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\appdrvrem01.exe
c:\windows\system32\drivers\cpuz135_x32.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Legacy_APPDRVREM01
-------\Legacy_CPUZ135
-------\Legacy_EAGLEXNT
-------\Legacy_GPPSERVICE
-------\Legacy_SPTD
-------\Service_ALSysIO
-------\Service_AODService
-------\Service_appdrvrem01
-------\Service_cpuz135
-------\Service_EagleXNt
-------\Service_GPPService
-------\Service_NVIDIAHWAccess
-------\Service_sptd
-------\Service_vmci
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-12 do 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\doma\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:11 . 2012-01-09 15:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-04-10 13:11 . 2012-01-09 15:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-04-10 13:11 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-04-10 13:11 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-04-10 12:09 . 2012-04-10 12:09 -------- d-----w- C:\found.000
2012-04-09 14:27 . 2012-04-09 14:27 -------- d-----w- C:\MineMovies
2012-04-07 09:07 . 2012-04-07 09:18 -------- d-----w- c:\program files\Core Temp
2012-04-05 17:16 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\doma\WebToolsWorkspace
2012-04-05 07:27 . 2012-04-05 07:27 -------- d-----w- c:\documents and settings\doma\Data aplikací\Need for Speed World
2012-04-05 06:29 . 2012-04-05 06:29 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\Electronic_Arts_Inc
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\program files\Electronic Arts
2012-04-03 17:39 . 2012-04-10 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-03-30 11:42 . 2012-04-09 09:25 -------- d-----w- c:\documents and settings\UpdatusUser\Data aplikací\VMware
2012-03-29 16:41 . 2012-03-29 16:44 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\BlueStacksSetup
2012-03-29 15:08 . 2012-03-29 15:28 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\VMware
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_12.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-12 17:58 . 2012-04-12 17:58 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [6.1.2012 20:32 2911848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1c99e1ca9ef1c24;Google Update Service (gupdate1c99e1ca9ef1c24);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S2 tvnserver;TightVNC Server;"c:\program files\TightVNC\tvnserver.exe" -service --> c:\program files\TightVNC\tvnserver.exe [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3880)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2012-04-12 20:03:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-12 18:02
ComboFix2.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 21 517 017 088
Po spuštění: Volných bajtů: 21 467 578 368
.
- - End Of File - - 5FEF9A396CE8774C8AD391C5F08E562B
- Žbeky
- Moderator
Re: Please check my HJT log. AVAST reported malware
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Code:
Driver::
ALSysIO
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All files
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I only handle matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
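An added example, not part of the original post and not ComboFix's own code: a small Python parser for the driver/service lines of the log above that flags entries worth a second look, such as the ALSysIO driver named in the CFScript. The two heuristics (image path under a Temp directory, file metadata shown as [?]) and the reading of the R/S and digit prefix as running/stopped and start type are assumptions of this example, not rules stated in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the driver/service section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys [?]
S2 tvnserver;TightVNC Server;"c:\program files\TightVNC\tvnserver.exe" -service --> c:\program files\TightVNC\tvnserver.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
"""

# <state><start> <name>;<display>;<image path>[ --> <resolved path>] [<date time size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Directory names treated as temporary locations (assumption of this example).
TEMP_COMPONENTS = {"temp", "tmp"}


@dataclass
class Entry:
    running: bool              # assumed meaning of the R / S prefix
    start_type: int            # assumed meaning of the digit (0 boot ... 4 disabled)
    name: str
    display: str
    path: str                  # resolved path if the log gives one, else the image path
    size: Optional[int]        # None when the log shows [?] instead of date/time/size
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = (m.group("resolved") or m.group("image")).strip().strip('"')
    if path.startswith("\\??\\"):          # NT object-manager prefix
        path = path[4:]
    parts = m.group("meta").split()
    size = int(parts[-1]) if parts and parts[-1].isdigit() else None
    entry = Entry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        size=size,
    )
    entry.flags = review_flags(entry)
    return entry


def review_flags(entry: Entry) -> List[str]:
    """Heuristics only: a flag means 'look at this entry', not 'this is malware'."""
    flags = []
    directories = entry.path.lower().split("\\")[:-1]
    if any(d in TEMP_COMPONENTS for d in directories):
        flags.append("image-in-temp-dir")
    if entry.size is None:
        flags.append("no-file-metadata")
    return flags


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that raised at least one flag."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name:<12} {state:<8} start={e.start_type} {e.path} {e.flags}")
```

A flagged entry still needs a human decision: legitimate hardware-monitoring tools also drop drivers into Temp, so the flag narrows the review, it does not replace it.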
Re: Please check my HJT log. AVAST reported malware
Another log
ComboFix 12-04-13.01 - doma 13.04.2012 15:34:21.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2212 [GMT 2:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-13 do 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\doma\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:11 . 2012-01-09 15:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-04-10 13:11 . 2012-01-09 15:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-04-10 13:11 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-04-10 13:11 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-04-10 12:09 . 2012-04-10 12:09 -------- d-----w- C:\found.000
2012-04-09 14:27 . 2012-04-09 14:27 -------- d-----w- C:\MineMovies
2012-04-07 09:07 . 2012-04-07 09:18 -------- d-----w- c:\program files\Core Temp
2012-04-05 17:16 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\doma\WebToolsWorkspace
2012-04-05 07:27 . 2012-04-05 07:27 -------- d-----w- c:\documents and settings\doma\Data aplikací\Need for Speed World
2012-04-05 06:29 . 2012-04-05 06:29 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\Electronic_Arts_Inc
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\program files\Electronic Arts
2012-04-03 17:39 . 2012-04-10 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-03-30 11:42 . 2012-04-09 09:25 -------- d-----w- c:\documents and settings\UpdatusUser\Data aplikací\VMware
2012-03-29 16:41 . 2012-03-29 16:44 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\BlueStacksSetup
2012-03-29 15:08 . 2012-03-29 15:28 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\VMware
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_12.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 10:32 . 2012-04-13 10:32 16384 c:\windows\temp\Perflib_Perfdata_e5c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [6.1.2012 20:32 2911848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 ALSysIO;ALSysIO;\??\c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\doma\LOCALS~1\Temp\ALSysIO.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate1c99e1ca9ef1c24;Google Update Service (gupdate1c99e1ca9ef1c24);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S2 tvnserver;TightVNC Server;"c:\program files\TightVNC\tvnserver.exe" -service --> c:\program files\TightVNC\tvnserver.exe [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 7:30 133104]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - CPUZ135
*Deregistered* - cpuz135
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 15:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1140)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-04-13 15:42:53
ComboFix-quarantined-files.txt 2012-04-13 13:42
ComboFix2.txt 2012-04-12 18:03
ComboFix3.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 22 324 064 256
Po spuštění: Volných bajtů: 22 297 239 552
.
- - End Of File - - 4C787DEF8BAE2292F3F85DD9871D969C
Is there any infection in there?
- jaro3
Re: Please check my HJT log. AVAST reported malware
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
KillAll::
File::
c:\windows\system32\drivers\appdrv01.sys
c:\program files\Google\Update\GoogleUpdate.exe
Folder::
C:\found.000
Driver::
appdrv01
ALSysIO
tvnserver
gupdatem
gupdate1c99e1ca9ef1c24
RegNull::
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
RegLock::
[HKEY_USERS\S-1-5-21-1957994488-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B8F96E02-A3A6-1DB9-0E31-3D04CA91CFE7}*]
"haadbopjmhgpkana"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,31
"iacdhcmnggdebbjaeg"=hex:6a,61,6e,65,6c,6c,70,64,6a,6b,6f,68,6e,64,6f,70,6b,66,
6d,65,00,80
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
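An added example, not part of the original post and not ComboFix's own code: a way to confirm from the log ComboFix writes afterwards that every File::, Folder:: and Driver:: entry of the script above is reported as removed. The function names are hypothetical, the log excerpt is constructed (two entries are left out on purpose), and the section titles are the Czech ones used in the logs of this thread.

```python
import re

# File/Folder/Driver part of the CFScript from the post above.
CFSCRIPT = r"""KillAll::
File::
c:\windows\system32\drivers\appdrv01.sys
c:\program files\Google\Update\GoogleUpdate.exe
Folder::
C:\found.000
Driver::
appdrv01
ALSysIO
tvnserver
gupdatem
gupdate1c99e1ca9ef1c24
"""

# CONSTRUCTED log excerpt in the layout of the ComboFix logs in this thread.
# GoogleUpdate.exe and the tvnserver service are deliberately absent.
SAMPLE_LOG = r"""FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
.
((((((((((((((( Ostatní výmazy )))))))))))))))
.
C:\found.000
c:\found.000\file0000.chk
c:\windows\system32\drivers\appdrv01.sys
.
((((((((((((((( Ovladače/Služby )))))))))))))))
.
-------\Legacy_ALSYSIO
-------\Legacy_APPDRV01
-------\Service_ALSysIO
-------\Service_appdrv01
-------\Service_gupdate1c99e1ca9ef1c24
-------\Service_gupdatem
.
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")           # e.g. "Driver::"
HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")              # "((( title )))"
SERVICE = re.compile(r"^-+\\(?:Service|Legacy)_(.+)$")   # "-------\Service_x"


def parse_cfscript(text):
    """Return {directive (lower case): [entries]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip('"'))
    return sections


def parse_log_sections(text):
    """Return {section title: [lines]}; '.' separators are dropped and
    anything before the first '((( title )))' header is ignored."""
    sections, title = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif title is not None:
            sections[title].append(line)
    return sections


def unprocessed(script, log, deletions_title="Ostatní výmazy",
                services_title="Ovladače/Služby"):
    """List (kind, entry) pairs from the script that the log does not
    report as removed. Paths and service names compare case-insensitively."""
    deleted = {p.lower() for p in log.get(deletions_title, [])}
    services = set()
    for line in log.get(services_title, []):
        m = SERVICE.match(line)
        if m:
            services.add(m.group(1).lower())
    missing = []
    for kind in ("file", "folder"):
        for path in script.get(kind, []):
            if path.lower() not in deleted:
                missing.append((kind, path))
    for name in script.get("driver", []):
        if name.lower() not in services:
            missing.append(("driver", name))
    return missing


if __name__ == "__main__":
    result = unprocessed(parse_cfscript(CFSCRIPT), parse_log_sections(SAMPLE_LOG))
    for kind, entry in result:
        print(f"not reported as removed: {kind} {entry}")
```

An entry listed by `unprocessed` is only "not reported as removed"; it may also never have existed on disk, so it is a prompt to look at the next log rather than proof that removal failed.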
Re: Please check my HJT log. AVAST reported malware
ComboFix log. Since I used CF, avast does not start when the PC boots; I have to start it manually, at least I don't see it in the tray.
ComboFix 12-04-13.01 - doma 13.04.2012 16:10:56.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2202 [GMT 2:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\system32\drivers\appdrv01.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\file0000.chk
c:\found.000\file0001.chk
c:\found.000\file0002.chk
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\drivers\appdrv01.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Legacy_APPDRV01
-------\Legacy_GUPDATE1C99E1CA9EF1C24
-------\Legacy_TVNSERVER
-------\Service_ALSysIO
-------\Service_appdrv01
-------\Service_gupdate1c99e1ca9ef1c24
-------\Service_gupdatem
-------\Service_tvnserver
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-13 do 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\doma\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:11 . 2012-01-09 15:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-04-10 13:11 . 2012-01-09 15:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-04-10 13:11 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-04-10 13:11 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-04-09 14:27 . 2012-04-09 14:27 -------- d-----w- C:\MineMovies
2012-04-07 09:07 . 2012-04-07 09:18 -------- d-----w- c:\program files\Core Temp
2012-04-05 17:16 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\doma\WebToolsWorkspace
2012-04-05 07:27 . 2012-04-05 07:27 -------- d-----w- c:\documents and settings\doma\Data aplikací\Need for Speed World
2012-04-05 06:29 . 2012-04-05 06:29 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\Electronic_Arts_Inc
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\program files\Electronic Arts
2012-04-03 17:39 . 2012-04-10 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-03-30 11:42 . 2012-04-09 09:25 -------- d-----w- c:\documents and settings\UpdatusUser\Data aplikací\VMware
2012-03-29 16:41 . 2012-03-29 16:44 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\BlueStacksSetup
2012-03-29 15:08 . 2012-03-29 15:28 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\VMware
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_12.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 14:16 . 2012-04-13 14:16 16384 c:\windows\temp\Perflib_Perfdata_784.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 16:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3780)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2012-04-13 16:20:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-13 14:20
ComboFix2.txt 2012-04-13 13:42
ComboFix3.txt 2012-04-12 18:03
ComboFix4.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 22 306 459 648
Po spuštění: Volných bajtů: 22 365 007 872
.
- - End Of File - - A962BA3463FA4878364D0DEE8560BD84
ComboFix 12-04-13.01 - doma 13.04.2012 16:10:56.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2202 [GMT 2:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\system32\drivers\appdrv01.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\found.000
c:\found.000\file0000.chk
c:\found.000\file0001.chk
c:\found.000\file0002.chk
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\drivers\appdrv01.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Legacy_APPDRV01
-------\Legacy_GUPDATE1C99E1CA9EF1C24
-------\Legacy_TVNSERVER
-------\Service_ALSysIO
-------\Service_appdrv01
-------\Service_gupdate1c99e1ca9ef1c24
-------\Service_gupdatem
-------\Service_tvnserver
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-13 do 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\doma\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2012-04-10 18:43 . 2012-04-10 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-10 18:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:11 . 2012-01-09 15:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-04-10 13:11 . 2012-01-09 15:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-04-10 13:11 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-04-10 13:11 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-04-10 13:11 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-04-09 14:27 . 2012-04-09 14:27 -------- d-----w- C:\MineMovies
2012-04-07 09:07 . 2012-04-07 09:18 -------- d-----w- c:\program files\Core Temp
2012-04-05 17:16 . 2012-04-05 17:32 -------- d-----w- c:\documents and settings\doma\WebToolsWorkspace
2012-04-05 07:27 . 2012-04-05 07:27 -------- d-----w- c:\documents and settings\doma\Data aplikací\Need for Speed World
2012-04-05 06:29 . 2012-04-05 06:29 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\Electronic_Arts_Inc
2012-04-05 06:28 . 2012-04-05 06:28 -------- d-----w- c:\program files\Electronic Arts
2012-04-03 17:39 . 2012-04-10 13:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Plocha
2012-03-30 11:42 . 2012-04-09 09:25 -------- d-----w- c:\documents and settings\UpdatusUser\Data aplikací\VMware
2012-03-29 16:41 . 2012-03-29 16:44 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\BlueStacksSetup
2012-03-29 15:08 . 2012-03-29 15:28 -------- d-----w- c:\documents and settings\doma\Local Settings\Data aplikací\VMware
2012-03-29 15:08 . 2012-04-09 18:44 -------- d-----w- c:\documents and settings\doma\Data aplikací\VMware
2012-03-29 15:04 . 2012-03-29 15:04 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Data aplikací\VMware
2012-03-29 15:02 . 2012-04-09 18:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VMware
2012-03-27 16:48 . 2012-03-27 16:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-24 17:49 . 2012-03-24 17:49 -------- d-----w- C:\$WINDOWS.~BT
2012-03-20 15:21 . 2012-03-20 15:21 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-20 15:21 . 2012-03-20 15:21 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 10:21 . 2012-03-17 10:21 -------- d-----w- c:\documents and settings\doma\Data aplikací\Wireshark
2012-03-16 20:13 . 2012-03-16 20:13 -------- d-----w- c:\program files\Common Files\Skype
2012-03-14 18:48 . 2012-03-14 19:45 -------- d-----w- c:\program files\UltraISO
2012-03-14 17:57 . 2012-03-14 17:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:57 . 2012-03-14 17:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:57 . 2012-03-14 17:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 17:57 . 2012-01-13 15:56 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:57 . 2012-01-13 15:55 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-07 00:15 . 2010-11-26 14:28 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2008-09-16 14:12 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 08:11 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2008-09-16 14:12 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2008-09-16 14:12 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2008-09-16 14:12 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2008-09-16 14:12 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2008-09-16 14:12 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2008-09-16 14:12 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2008-09-16 14:12 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-29 23:58 . 2012-02-26 16:28 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-02-26 16:28 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-17 11:17 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-17 11:17 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2009-07-03 03:11 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-07-03 03:11 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-07-03 03:11 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-07-03 03:11 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-07-03 03:11 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-02-13 13:05 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2006-02-13 13:05 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2009-06-10 07:29 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2009-06-10 07:29 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2009-06-10 07:29 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2009-06-10 07:29 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2009-06-10 07:29 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2009-06-10 07:29 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2009-06-10 07:29 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2009-06-10 07:29 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2009-06-10 07:29 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2009-06-10 07:29 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2009-06-10 07:29 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2009-06-10 07:29 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2009-06-10 07:29 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2010-06-07 15:34 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-06-07 15:34 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-06-07 15:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-06-07 15:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:30 . 2010-06-07 15:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-12 14:15 . 2012-02-12 14:15 73728 ----a-r- c:\documents and settings\doma\Data aplikací\Microsoft\Installer\{402613C2-6CA5-48E5-8B9C-0BED1D502A19}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2012-01-27 12:03 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2011-10-25 12:03 . 2011-10-25 12:03 1389581103 ----a-w- c:\program files\Combatarms_eu.exe
2012-03-20 15:21 . 2012-03-07 17:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-12_12.07.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 14:16 . 2012-04-13 14:16 16384 c:\windows\temp\Perflib_Perfdata_784.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2012-01-25 758224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 16841216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Sweex Wireless LAN Utility.lnk - c:\program files\Sweex Wireless LAN\LW057V2 Wireless LAN PCI Card 54 Mbps\RtWlan.exe [2011-10-11 782336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Rainmeter.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 06:42 133104 ----atw- c:\documents and settings\doma\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\us downloader\\USDownloader.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Techland\\Call of Juarez\\CoJ.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\doma\\Dokumenty\\RemoterServer.exe"=
"c:\\Games\\TrackMania 2\\ManiaPlanet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight\\Flight.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Core Temp\\Core Temp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.3.2011 10:11 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2008 16:12 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [26.8.2011 17:19 232512]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [13.1.2012 17:56 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [13.1.2012 17:55 91952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2008 16:12 20696]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11.10.2011 17:39 38144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 18:38 1373576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.4.2012 20:43 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [26.2.2012 18:29 2348352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.4.2012 20:43 22344]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [22.7.2009 8:14 618112]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [14.3.2012 19:57 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [14.3.2012 19:57 116016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 9:50 158856]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1.8.2011 13:03 1714176]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [10.6.2011 19:26 219264]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.1.2011 17:51 36608]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [19.8.2011 14:51 130976]
S3 iDispService;iDispService;c:\windows\system32\drivers\idisplayminiport.sys [11.3.2012 19:43 15568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10.4.2012 15:11 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10.4.2012 15:11 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ALSYSIO
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\zmv8a9de.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 16:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3780)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSCS.DLL
c:\windows\system32\msi.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2012-04-13 16:20:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-13 14:20
ComboFix2.txt 2012-04-13 13:42
ComboFix3.txt 2012-04-12 18:03
ComboFix4.txt 2012-04-12 12:09
.
Před spuštěním: Volných bajtů: 22 306 459 648
Po spuštění: Volných bajtů: 22 365 007 872
.
- - End Of File - - A962BA3463FA4878364D0DEE8560BD84
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status:
Offline
Re: Please check my HJT log. AVAST reported malware
Finally, it's all gone...
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by ComboFix, MWAV, etc. Download it, then run it.
Note: before downloading T-Cleaner and for the duration of the cleanup, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.
+ A new HJT log
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click No. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check my HJT log. AVAST reported malware
Yeah, thanks, you guys are great... the avast one will probably come later. The PC seems to behave a bit better; both the PC and Firefox start faster. So should I clean the computer and post the log here and then run avastMBR, or clean, use avastMBR and then post the log? So should I uninstall MBAM? Was there a virus?
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status:
Offline
Re: Please check my HJT log. AVAST reported malware
The order doesn't matter. You can uninstall MBAM. There was no virus. More like leftovers of services, and so on.