explorer.exe
- newcomer
- Posts: 7
- Registered: August 09
explorer.exe
Hi, I need some advice please. After Windows Vista starts, a black screen appears plus a single Documents window, from which programs can be launched normally, but the desktop, Start menu etc. are missing. Here on the forum I found that you are supposed to start explorer.exe manually. Then it starts working, but after a restart it doesn't again. What should I do?
- Level 2.5
- Posts: 305
- Registered: March 09
- Location: Dobruška
Re: explorer.exe
In the registry you can set it to start automatically when the PC starts. That is not really a solution, because it is supposed to start by itself as a service, but it will do as a stopgap.
How to do it?
Open the regedit tool (either use the "Run..." command and type "regedit", or launch "C:/Windows/regedit.exe"). Then open these branches one after another: "HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run", then right-click in the right-hand pane and choose "New/String Value", name it (anything you like), open it and enter "explorer". Then click OK and you can close regedit. The next time the PC starts, explorer will start by itself.
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: explorer.exe
Download HijackThis from my signature, make a log with it following the guide, and post it here.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
- newcomer
- Posts: 7
- Registered: August 09
Re: explorer.exe
Since tip 1 didn't work, I'm posting the log from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:31, on 8.8.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\WerFault.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.24.78.186 browser-secure.microsoft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\TereSka\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [sj] explorer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [userinit] C:\Users\Pavlínka\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters (AeLookupSvcAeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\lljcmircqw.exe
O23 - Service: Funkčnost aplikací AeLookupSvcAESTFilters (AeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\wocidcagbv.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 12148 bytes
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: explorer.exe
Hmmm, I'm not surprised. Uninstall Crawler Toolbar.
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix these (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.24.78.186 browser-secure.microsoft.com
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [sj] explorer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O13 - Gopher Prefix:
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters (AeLookupSvcAeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\lljcmircqw.exe
O23 - Service: Funkčnost aplikací AeLookupSvcAESTFilters (AeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\wocidcagbv.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan has finished a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.24.78.186 browser-secure.microsoft.com
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [sj] explorer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O13 - Gopher Prefix:
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters (AeLookupSvcAeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\lljcmircqw.exe
O23 - Service: Funkčnost aplikací AeLookupSvcAESTFilters (AeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\wocidcagbv.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
- newbie
- Posts: 7
- Registered: August 09
Re: explorer.exe
Uplynulý cas: 4 minute(s), 2 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 1
Infikované klíce registru: 7
Infikované hodnoty registru: 3
Infikované položky dat registru: 4
Infikované složky: 1
Infikované soubory: 9
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
\\?\globalroot\systemroot\System32\SKYNETctlkieph.dll (Trojan.TDSS) -> No action taken.
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvc32 (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
Infikované složky:
C:\Windows\System32\lowsec (Stolen.data) -> No action taken.
Infikované soubory:
\\?\globalroot\systemroot\System32\SKYNETctlkieph.dll (Trojan.TDSS) -> No action taken.
C:\Windows\Temp\7216.tmp (Trojan.Agent) -> No action taken.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Windows\System32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\Windows\winsvc32.exe (Backdoor.Bot) -> No action taken.
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Pavlínka\AppData\Roaming\sdra64.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> No action taken.
- Damned
- Article author
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: explorer.exe
So run MbAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit
Turn off your antivirus resident shield (and antispyware too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
- newbie
- Posts: 7
- Registered: August 09
Re: explorer.exe
So here is the log from malware:
Verze databáze: 2551
Windows 6.0.6001 Service Pack 1
9.8.2009 13:47:20
mbam-log-2009-08-09 (13-47-20).txt
Typ skenu: Rychlý sken
Objektu skenováno: 100990
Uplynulý cas: 3 minute(s), 15 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 1
Infikované klíce registru: 7
Infikované hodnoty registru: 3
Infikované položky dat registru: 4
Infikované složky: 1
Infikované soubory: 9
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
\\?\globalroot\systemroot\System32\SKYNETctlkieph.dll (Trojan.TDSS) -> Delete on reboot.
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvc32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Infikované složky:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
Infikované soubory:
\\?\globalroot\systemroot\System32\SKYNETctlkieph.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\7216.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\winsvc32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Pavlínka\AppData\Roaming\sdra64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
- Damned
- Article author
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: explorer.exe
Fine, now ComboFix as well.
- newbie
- Posts: 7
- Registered: August 09
Re: explorer.exe
And here is ComboFix:
ComboFix 09-08-08.04 - Pavlínka 09.08.2009 14:06.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2044.1406 [GMT 2:00]
Spuštěný z: c:\users\Pavlínka\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1596429513-3520882811-2705392460-500
c:\$recycle.bin\S-1-5-21-3082142337-2710476820-3580045543-500
c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\users\TereSka\AppData\Roaming\WeatherDPA
c:\users\TereSka\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\windows\Installer\1638bf.msi
c:\windows\Installer\1e4d9.msi
c:\windows\Installer\1e4dd.msi
c:\windows\Installer\1e4e1.msi
c:\windows\Installer\1e4e5.msi
c:\windows\Installer\1e4e9.msi
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\SKYNETqnqdeqsp.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SKYNETcbqnlwux.dat
c:\windows\System32\SKYNETctlkieph.dll
c:\windows\system32\SKYNETdpjeyfvp.dll
c:\windows\system32\SKYNETevfbytih.dat
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETiqvppnkr
-------\Legacy_NPF
-------\Legacy_SKYNETiqvppnkr
-------\Service_npf
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 12:13 . 2009-08-09 12:13 -------- d-----w- c:\users\TereSka\AppData\Local\temp
2009-08-09 12:13 . 2009-08-09 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-09 12:13 . 2009-08-09 12:13 -------- d-----w- c:\users\Matej\AppData\Local\temp
2009-08-08 06:34 . 2009-08-08 06:34 -------- d-----w- c:\program files\Trend Micro
2009-08-07 07:30 . 2009-08-07 19:53 -------- d-sh--w- c:\users\TereSka\AppData\Roaming\lowsec
2009-07-26 18:32 . 2009-07-26 18:34 -------- d-----w- c:\users\Public\Nová složka
2009-07-19 18:15 . 2009-07-27 18:57 -------- d-----w- c:\users\TereSka\AppData\Roaming\dvdcss
2009-07-19 08:32 . 2009-07-19 08:32 -------- d-----w- c:\program files\EA Sports
2009-07-19 08:23 . 2009-07-19 08:23 -------- d--h--r- c:\users\TereSka\AppData\Roaming\SecuROM
2009-07-16 08:41 . 2009-07-16 13:58 -------- d-----w- c:\program files\EA GAMES
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-16 08:35 . 2009-07-16 08:35 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-16 08:35 . 2009-07-16 08:39 -------- d-----w- c:\users\TereSka\AppData\Roaming\DAEMON Tools Lite
2009-07-15 11:54 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-07-15 08:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 08:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 08:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 08:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:48 . 2009-07-14 19:48 -------- d-----w- c:\program files\RTL
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 12:23 . 2008-12-16 09:12 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-08-09 12:23 . 2008-12-16 09:12 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-08-09 12:14 . 2008-12-16 01:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-09 11:43 . 2009-06-15 10:30 81180 ----a-w- c:\programdata\nvModes.dat
2009-08-09 09:35 . 2009-06-21 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 06:50 . 2009-06-15 13:17 -------- d-----w- c:\programdata\Spyware Terminator
2009-08-08 06:50 . 2009-06-15 13:17 -------- d-----w- c:\program files\Spyware Terminator
2009-08-07 19:48 . 2009-06-16 07:15 -------- d-----w- c:\program files\WinClamAVShield
2009-08-03 20:16 . 2009-06-23 12:13 -------- d-----w- c:\users\TereSka\AppData\Roaming\uTorrent
2009-08-03 11:36 . 2009-07-10 06:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-10 06:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 08:12 . 2009-06-15 13:17 -------- d-----w- c:\users\TereSka\AppData\Roaming\Spyware Terminator
2009-07-18 16:06 . 2009-08-01 12:47 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-01 12:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-01 12:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 08:37 . 2009-07-09 09:02 680 ----a-w- c:\users\TereSka\AppData\Local\d3d9caps.dat
2009-07-16 08:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 19:49 . 2008-12-16 01:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 07:42 . 2009-07-10 07:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-10 07:25 . 2009-07-10 07:25 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-07-10 07:25 . 2009-07-10 07:25 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-07-10 07:25 . 2009-07-10 07:25 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-10 07:00 . 2009-07-10 07:00 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-09 20:08 . 2009-07-09 20:08 -------- d-----w- c:\programdata\19284394
2009-07-09 20:08 . 2009-07-09 20:08 714816 ----a-w- c:\programdata\19284394\19284394.exe
2009-07-09 13:13 . 2009-07-09 13:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-07 07:26 . 2009-06-15 20:19 -------- d-----w- c:\program files\Google
2009-06-29 14:30 . 2009-06-29 14:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 14:20 . 2009-06-24 16:48 -------- d-----w- c:\program files\Webteh
2009-06-29 14:20 . 2009-06-24 16:48 -------- d-----w- c:\users\TereSka\AppData\Roaming\BSplayer
2009-06-29 14:18 . 2009-06-29 14:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-29 14:18 . 2009-06-29 14:18 737280 ----a-w- c:\windows\iun6002.exe
2009-06-27 17:14 . 2009-06-27 17:14 -------- d-----w- c:\users\TereSka\AppData\Roaming\vlc
2009-06-27 17:14 . 2009-06-27 17:14 -------- d-----w- c:\program files\VideoLAN
2009-06-27 11:37 . 2009-06-27 11:37 514888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-24 21:04 . 2009-06-24 21:04 -------- d-----w- c:\users\TereSka\AppData\Roaming\CyberLink
2009-06-24 16:53 . 2009-06-24 16:53 -------- d-----w- c:\users\TereSka\AppData\Roaming\RadLight Company
2009-06-24 16:53 . 2009-06-24 16:53 -------- d-----w- c:\program files\RadLight Company
2009-06-24 16:48 . 2009-06-24 16:48 -------- d-----w- c:\users\TereSka\AppData\Roaming\BSplayer Pro
2009-06-24 11:00 . 2009-06-24 11:00 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 12:13 . 2009-06-23 12:13 -------- d-----w- c:\program files\uTorrent
2009-06-23 07:56 . 2009-06-23 07:40 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-22 18:04 . 2009-06-21 18:11 -------- d-----w- c:\program files\QIP
2009-06-22 08:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-22 08:48 . 2008-12-16 01:17 -------- d-----w- c:\program files\Norton Internet Security
2009-06-22 08:48 . 2008-12-16 01:53 -------- d-----w- c:\programdata\CyberLink
2009-06-22 08:48 . 2008-12-16 01:17 -------- d-----w- c:\programdata\Norton
2009-06-22 08:41 . 2008-12-16 01:17 -------- d-----w- c:\program files\NortonInstaller
2009-06-22 07:59 . 2009-06-22 07:59 -------- d-----w- c:\users\TereSka\AppData\Roaming\Macrovision
2009-06-22 07:56 . 2008-12-16 02:57 -------- d-----w- c:\program files\SMINST
2009-06-22 07:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-21 15:39 . 2009-06-21 15:38 -------- d-----w- c:\users\Matej\AppData\Roaming\Spyware Terminator
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\users\Matej\AppData\Roaming\DigitalPersona
2009-06-21 15:38 . 2009-06-21 15:38 71776 ----a-w- c:\users\Matej\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 10:00 . 2009-06-15 18:31 -------- d-----r- c:\program files\Skype
2009-06-21 10:00 . 2009-06-15 18:25 -------- d-----w- c:\program files\ICQ6Toolbar
2009-06-21 10:00 . 2009-06-15 18:25 -------- d-----w- c:\programdata\ICQ
2009-06-21 09:40 . 2009-06-16 07:27 -------- d-----w- c:\program files\Eset
2009-06-21 09:25 . 2009-06-21 09:25 -------- d-----w- c:\users\TereSka\AppData\Roaming\Malwarebytes
2009-06-21 09:25 . 2009-06-21 09:25 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 09:11 . 2009-06-15 09:19 71776 ----a-w- c:\users\TereSka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-16 08:17 . 2009-06-15 09:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 08:17 . 2009-06-16 08:17 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-16 07:44 . 2008-12-16 02:25 -------- d-----w- c:\program files\Java
2009-06-15 19:07 . 2009-06-15 19:07 -------- d-----w- c:\users\TereSka\AppData\Roaming\Samsung
2009-06-15 18:59 . 2009-06-15 09:57 -------- d-----w- c:\program files\Samsung
2009-06-15 18:49 . 2009-06-15 18:32 -------- d-----w- c:\users\TereSka\AppData\Roaming\Skype
2009-06-15 18:33 . 2009-06-15 18:33 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-06-15 18:33 . 2009-06-15 18:33 -------- d-----w- c:\users\TereSka\AppData\Roaming\skypePM
2009-06-15 18:31 . 2009-06-15 18:31 -------- d-----w- c:\programdata\Skype
2009-06-15 17:18 . 2009-06-15 17:18 -------- d-----w- c:\program files\MSXML 4.0
2009-06-15 09:51 . 2008-12-16 01:18 -------- d-----w- c:\programdata\Symantec
2009-06-15 09:20 . 2009-06-15 09:20 -------- d-----w- c:\users\TereSka\AppData\Roaming\DigitalPersona
2009-06-15 09:17 . 2009-06-15 09:17 -------- d-----w- c:\users\TereSka\AppData\Roaming\Hewlett-Packard
2009-06-15 09:16 . 2009-06-15 09:16 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 09:14 . 2009-06-15 09:14 -------- d-----w- c:\program files\MSN Messenger
2009-06-15 09:13 . 2009-06-15 09:13 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF9022XPT_E506288-223_4A_I3629_SQuanta_V18.0B_F.02_T081114_WV3-1_L405_M2045_J320_7Intel_867A_92.00_#081216_N10EC8168;14E44315_(NG679EA#AKB)_XMOBILE_CN10_Z_2F.02.MRK
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Plocha
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Šablony
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Dokumenty
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Data aplikací
2009-06-03 18:43 . 2009-06-03 18:43 407040 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-06-03 18:43 . 2009-06-03 18:43 405504 ----a-w- c:\windows\system32\stcplx.dll
2009-06-03 18:43 . 2008-12-16 01:47 536576 ----a-w- c:\windows\system32\idtmini1.exe
2009-06-03 18:43 . 2008-12-16 01:47 450652 ----a-w- c:\windows\sttray.exe
2009-06-03 18:43 . 2008-12-16 01:47 3567616 ----a-w- c:\windows\system32\stlang.dll
2009-06-03 18:43 . 2008-12-16 01:47 175104 ----a-w- c:\windows\system32\staco.dll
2009-06-03 18:43 . 2008-12-16 01:46 914432 ----a-w- c:\windows\system32\stapo.dll
2009-06-03 18:43 . 2008-12-16 01:46 483840 ----a-w- c:\windows\system32\stapi32.dll
2008-12-16 09:35 . 2008-12-16 09:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-10 3055616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13593120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-14 814144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-29 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-10 2173440]
"sj"="explorer.exe" - c:\windows\explorer.exe [2008-10-29 2927104]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0EFAFD4D-3589-42A7-ABB9-BDD989C7F74A}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{22753A40-8723-4D8D-86EE-706869E6E8E6}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{EE7DF7B4-7052-4069-8E6B-5BF5690BED2D}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{CA081895-66C8-4A75-B32D-6D4819C95776}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{3DD4FA28-327A-4BE4-81DC-8E981945AE4F}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{9B67E725-3767-4C94-A820-0728E1FEEAFB}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{A45CFAA3-881F-4EF9-997D-EFA667BC851F}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{8C608369-2C57-4F67-99FB-79E5602E44B0}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{3C179A8F-19F6-4BDD-885E-9A1E5491EE12}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{C24E1B14-1A75-4F1C-85D3-EC8A73354ECC}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{6BFB595A-ABD0-4C8C-969B-944D3DE7F194}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{C992C585-2380-4C4D-A95C-ACB589FEAEA3}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{35733EBD-E72F-4BBE-943B-C46246ECBB8E}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{A2A7390D-FA7A-486E-A716-9B1DABAA1F2A}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"{37B42DE4-0670-405A-82FD-F56B95DCBB5D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F5BFE4AF-7EB7-40B0-98EA-31BF264961F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F88B552A-A5DD-4908-9EB9-CE177FDB1D30}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E9E7E8F4-79DB-4660-9F4D-1E4E464A3AC1}c:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= UDP:c:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable
"UDP Query User{82974325-E800-4B59-82F1-1330E278190D}c:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= TCP:c:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable
"TCP Query User{75835042-6214-4225-A53C-D03701DE296A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{026BDE04-200E-4697-998D-71253599F48B}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{B3B9035F-8952-48C9-877A-CBCEB1D79488}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Průzkumník Windows
"UDP Query User{7AE608F9-9948-4DC6-B9A8-790B03892B69}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Průzkumník Windows
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [10.7.2009 9:25 142592]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [26.9.2008 3:36 59376]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe [2.3.2009 18:43 81920]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.1.2008 4:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 17:24 19456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [16.12.2008 3:18 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [16.12.2008 4:57 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [24.9.2008 19:08 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [24.9.2008 19:08 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [16.9.2008 11:33 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16.12.2008 3:31 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [4.9.2008 19:47 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7.8.2008 19:01 97536]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6.8.2008 5:29 44576]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [16.9.2008 11:33 40752]
S2 AeLookupSvcAeLookupSvcAESTFilters;Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters;c:\windows\TEMP\lljcmircqw.exe service --> c:\windows\TEMP\lljcmircqw.exe service [?]
S2 AeLookupSvcAESTFilters;Funkčnost aplikací AeLookupSvcAESTFilters;c:\windows\TEMP\wocidcagbv.exe service --> c:\windows\TEMP\wocidcagbv.exe service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Pavlínka\AppData\Roaming\Mozilla\Firefox\Profiles\euu8zqza.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(4828)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2009-08-09 14:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-09 12:26
Před spuštěním: Volných bajtů: 234 768 306 176
Po spuštění: Volných bajtů: 236 363 845 632
326 --- E O F --- 2009-08-07 15:27
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(4828)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2009-08-09 14:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-09 12:26
Před spuštěním: Volných bajtů: 234 768 306 176
Po spuštění: Volných bajtů: 236 363 845 632
326 --- E O F --- 2009-08-07 15:27
- Damned
- Article author
-
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Gender:
- Status:
Offline
- Contact:
Re: explorer.exe
What do you have WinClamAVShield there for? Uninstall it. You have Norton there.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
File::
c:\users\TereSka\AppData\Local\d3d9caps.dat
c:\programdata\ezsidmv.dat
c:\windows\TEMP\lljcmircqw.exe
c:\windows\TEMP\wocidcagbv.exe
Folder::
c:\users\TereSka\AppData\Roaming\lowsec
c:\program files\DAEMON Tools Toolbar
c:\programdata\19284394
c:\program files\Webteh
c:\users\TereSka\AppData\Roaming\BSplayer
c:\users\TereSka\AppData\Roaming\BSplayer Pro
c:\program files\ICQ6Toolbar
DirLook::
c:\users\TereSka\AppData\Roaming\dvdcss
Driver::
AeLookupSvcAeLookupSvcAESTFilters;Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters
AeLookupSvcAeLookupSvcAESTFilters
AeLookupSvcAESTFilters;Funkčnost aplikací AeLookupSvcAESTFilters
AeLookupSvcAESTFilters
ezSharedSvc
NetSvcs::
ezSharedSvc
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Last edited by Damned on 09 Aug 2009 21:00, edited 1 time in total.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
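The two services named under Driver:: in the script above appear in the preceding ComboFix log as auto-start entries whose image sits in c:\windows\TEMP with no file details. As an added example (not part of the post and not ComboFix's own code), this Python parser reads that log's service lines and flags such entries; the reading of the R/S prefix and all function names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Service/driver lines excerpted from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [10.7.2009 9:25 142592]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.1.2008 4:23 21504]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [16.12.2008 3:18 115560]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7.8.2008 19:01 97536]
S2 AeLookupSvcAeLookupSvcAESTFilters;Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters;c:\windows\TEMP\lljcmircqw.exe service --> c:\windows\TEMP\lljcmircqw.exe service [?]
S2 AeLookupSvcAESTFilters;Funkčnost aplikací AeLookupSvcAESTFilters;c:\windows\TEMP\wocidcagbv.exe service --> c:\windows\TEMP\wocidcagbv.exe service [?]
"""

# Assumed reading of the prefix: R/S = running/stopped, digit = start type
# (2 = automatic). Fields are: name;display name;image path [file details].
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Executable path = everything up to the first ".ext" followed by a space or
# end of string, so paths with spaces and dotted version folders survive.
PATH_RE = re.compile(r'^"?(.+?\.[a-z0-9]{2,4})"?(?:\s|$)', re.IGNORECASE)
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str
    file_info: str
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one log line, or None if it is not a service line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, info = m.groups()
    # Some lines repeat the image after " --> "; keep the first form.
    image = image.split(" --> ")[0].strip()
    pm = PATH_RE.match(image)
    path = pm.group(1) if pm else image
    return ServiceEntry(state == "R", int(start), name.strip(),
                        display.strip(), path, info.strip())


def triage(entry):
    """Attach the reasons an entry deserves a closer look."""
    folders = entry.image_path.lower().split("\\")[:-1]
    if any(part in TEMP_DIRS for part in folders):
        entry.reasons.append("image runs from a temp directory")
    if entry.file_info == "?":
        entry.reasons.append("no file date/size recorded")
    if entry.reasons and entry.start_type == 2:
        entry.reasons.append("set to start automatically")
    return entry


def suspicious_services(log_text):
    """Parse every line of a log excerpt and return only the flagged entries."""
    parsed = (parse_service_line(line) for line in log_text.splitlines())
    return [e for e in (triage(p) for p in parsed if p) if e.reasons]


if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LOG):
        print(f"{e.name}: {e.image_path} -> {'; '.join(e.reasons)}")
```

ezSharedSvc, which the script also lists under Driver:: and NetSvcs::, is not flagged here because its logged image is svchost.exe -k netsvcs; a path check alone does not cover svchost-hosted services.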
-
- newcomer
- Posts: 7
- Registered: August 09
- Gender:
- Status:
Offline
Re: explorer.exe
so, the log from ComboFix:
ComboFix 09-08-08.04 - TereSka 09.08.2009 21:15.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2044.867 [GMT 2:00]
Spuštěný z: K:\ComboFix.exe
Použité ovládací přepínače :: c:\users\TereSka\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\ezsidmv.dat"
"c:\users\TereSka\AppData\Local\d3d9caps.dat"
"c:\windows\TEMP\lljcmircqw.exe"
"c:\windows\TEMP\wocidcagbv.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DAEMON Tools Toolbar
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Webteh
c:\programdata\19284394
c:\programdata\19284394\19284394
c:\programdata\19284394\19284394.exe
c:\programdata\ezsidmv.dat
c:\users\TereSka\AppData\Local\d3d9caps.dat
c:\users\TereSka\AppData\Roaming\BSplayer Pro
c:\users\TereSka\AppData\Roaming\BSplayer Pro\BSplayer.xml
c:\users\TereSka\AppData\Roaming\BSplayer Pro\EQ.xml
c:\users\TereSka\AppData\Roaming\BSplayer
c:\users\TereSka\AppData\Roaming\lowsec
c:\users\TereSka\AppData\Roaming\lowsec\local.ds
c:\users\TereSka\AppData\Roaming\lowsec\user.ds
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AeLookupSvcAeLookupSvcAESTFilters
-------\Service_AeLookupSvcAESTFilters
-------\Service_ezSharedSvc
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\users\Matej\AppData\Local\temp
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-09 12:26 . 2009-08-09 19:22 -------- d-----w- c:\users\TereSka\AppData\Local\temp
2009-08-08 06:34 . 2009-08-08 06:34 -------- d-----w- c:\program files\Trend Micro
2009-07-26 18:32 . 2009-07-26 18:34 -------- d-----w- c:\users\Public\Nová složka
2009-07-19 18:15 . 2009-07-27 18:57 -------- d-----w- c:\users\TereSka\AppData\Roaming\dvdcss
2009-07-19 08:32 . 2009-07-19 08:32 -------- d-----w- c:\program files\EA Sports
2009-07-19 08:23 . 2009-07-19 08:23 -------- d--h--r- c:\users\TereSka\AppData\Roaming\SecuROM
2009-07-16 08:41 . 2009-07-16 13:58 -------- d-----w- c:\program files\EA GAMES
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-16 08:35 . 2009-07-16 08:35 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-16 08:35 . 2009-07-16 08:39 -------- d-----w- c:\users\TereSka\AppData\Roaming\DAEMON Tools Lite
2009-07-15 11:54 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-07-15 08:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 08:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 08:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 08:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:48 . 2009-07-14 19:48 -------- d-----w- c:\program files\RTL
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 19:28 . 2008-12-16 09:12 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-08-09 19:28 . 2008-12-16 09:12 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-08-09 19:20 . 2008-12-16 01:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-09 19:13 . 2009-06-15 10:30 81149 ----a-w- c:\programdata\nvModes.dat
2009-08-09 09:35 . 2009-06-21 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 06:50 . 2009-06-15 13:17 -------- d-----w- c:\programdata\Spyware Terminator
2009-08-08 06:50 . 2009-06-15 13:17 -------- d-----w- c:\program files\Spyware Terminator
2009-08-07 19:48 . 2009-06-16 07:15 -------- d-----w- c:\program files\WinClamAVShield
2009-08-03 20:16 . 2009-06-23 12:13 -------- d-----w- c:\users\TereSka\AppData\Roaming\uTorrent
2009-08-03 11:36 . 2009-07-10 06:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-10 06:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 08:12 . 2009-06-15 13:17 -------- d-----w- c:\users\TereSka\AppData\Roaming\Spyware Terminator
2009-07-18 16:06 . 2009-08-01 12:47 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-01 12:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-01 12:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 08:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 19:49 . 2008-12-16 01:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 07:42 . 2009-07-10 07:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-10 07:25 . 2009-07-10 07:25 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-07-10 07:25 . 2009-07-10 07:25 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-07-10 07:25 . 2009-07-10 07:25 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-10 07:00 . 2009-07-10 07:00 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-09 13:13 . 2009-07-09 13:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-07 07:26 . 2009-06-15 20:19 -------- d-----w- c:\program files\Google
2009-06-29 14:30 . 2009-06-29 14:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 14:18 . 2009-06-29 14:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-29 14:18 . 2009-06-29 14:18 737280 ----a-w- c:\windows\iun6002.exe
2009-06-27 17:14 . 2009-06-27 17:14 -------- d-----w- c:\users\TereSka\AppData\Roaming\vlc
2009-06-27 17:14 . 2009-06-27 17:14 -------- d-----w- c:\program files\VideoLAN
2009-06-27 11:37 . 2009-06-27 11:37 514888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-24 21:04 . 2009-06-24 21:04 -------- d-----w- c:\users\TereSka\AppData\Roaming\CyberLink
2009-06-24 16:53 . 2009-06-24 16:53 -------- d-----w- c:\users\TereSka\AppData\Roaming\RadLight Company
2009-06-24 16:53 . 2009-06-24 16:53 -------- d-----w- c:\program files\RadLight Company
2009-06-24 11:00 . 2009-06-24 11:00 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 12:13 . 2009-06-23 12:13 -------- d-----w- c:\program files\uTorrent
2009-06-23 07:56 . 2009-06-23 07:40 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-22 18:04 . 2009-06-21 18:11 -------- d-----w- c:\program files\QIP
2009-06-22 08:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-22 08:48 . 2008-12-16 01:17 -------- d-----w- c:\program files\Norton Internet Security
2009-06-22 08:48 . 2008-12-16 01:53 -------- d-----w- c:\programdata\CyberLink
2009-06-22 08:48 . 2008-12-16 01:17 -------- d-----w- c:\programdata\Norton
2009-06-22 08:41 . 2008-12-16 01:17 -------- d-----w- c:\program files\NortonInstaller
2009-06-22 07:59 . 2009-06-22 07:59 -------- d-----w- c:\users\TereSka\AppData\Roaming\Macrovision
2009-06-22 07:56 . 2008-12-16 02:57 -------- d-----w- c:\program files\SMINST
2009-06-22 07:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-21 15:39 . 2009-06-21 15:38 -------- d-----w- c:\users\Matej\AppData\Roaming\Spyware Terminator
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\users\Matej\AppData\Roaming\DigitalPersona
2009-06-21 15:38 . 2009-06-21 15:38 71776 ----a-w- c:\users\Matej\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 10:00 . 2009-06-15 18:31 -------- d-----r- c:\program files\Skype
2009-06-21 10:00 . 2009-06-15 18:25 -------- d-----w- c:\programdata\ICQ
2009-06-21 09:40 . 2009-06-16 07:27 -------- d-----w- c:\program files\Eset
2009-06-21 09:25 . 2009-06-21 09:25 -------- d-----w- c:\users\TereSka\AppData\Roaming\Malwarebytes
2009-06-21 09:25 . 2009-06-21 09:25 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 09:11 . 2009-06-15 09:19 71776 ----a-w- c:\users\TereSka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-16 08:17 . 2009-06-15 09:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 08:17 . 2009-06-16 08:17 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-16 07:44 . 2008-12-16 02:25 -------- d-----w- c:\program files\Java
2009-06-15 19:07 . 2009-06-15 19:07 -------- d-----w- c:\users\TereSka\AppData\Roaming\Samsung
2009-06-15 18:59 . 2009-06-15 09:57 -------- d-----w- c:\program files\Samsung
2009-06-15 18:49 . 2009-06-15 18:32 -------- d-----w- c:\users\TereSka\AppData\Roaming\Skype
2009-06-15 18:33 . 2009-06-15 18:33 -------- d-----w- c:\users\TereSka\AppData\Roaming\skypePM
2009-06-15 18:31 . 2009-06-15 18:31 -------- d-----w- c:\programdata\Skype
2009-06-15 17:18 . 2009-06-15 17:18 -------- d-----w- c:\program files\MSXML 4.0
2009-06-15 09:51 . 2008-12-16 01:18 -------- d-----w- c:\programdata\Symantec
2009-06-15 09:20 . 2009-06-15 09:20 -------- d-----w- c:\users\TereSka\AppData\Roaming\DigitalPersona
2009-06-15 09:17 . 2009-06-15 09:17 -------- d-----w- c:\users\TereSka\AppData\Roaming\Hewlett-Packard
2009-06-15 09:16 . 2009-06-15 09:16 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 09:14 . 2009-06-15 09:14 -------- d-----w- c:\program files\MSN Messenger
2009-06-15 09:13 . 2009-06-15 09:13 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF9022XPT_E506288-223_4A_I3629_SQuanta_V18.0B_F.02_T081114_WV3-1_L405_M2045_J320_7Intel_867A_92.00_#081216_N10EC8168;14E44315_(NG679EA#AKB)_XMOBILE_CN10_Z_2F.02.MRK
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Plocha
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Šablony
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Dokumenty
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Data aplikací
2009-06-03 18:43 . 2009-06-03 18:43 407040 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-06-03 18:43 . 2009-06-03 18:43 405504 ----a-w- c:\windows\system32\stcplx.dll
2009-06-03 18:43 . 2008-12-16 01:47 536576 ----a-w- c:\windows\system32\idtmini1.exe
2009-06-03 18:43 . 2008-12-16 01:47 450652 ----a-w- c:\windows\sttray.exe
2009-06-03 18:43 . 2008-12-16 01:47 3567616 ----a-w- c:\windows\system32\stlang.dll
2009-06-03 18:43 . 2008-12-16 01:47 175104 ----a-w- c:\windows\system32\staco.dll
2009-06-03 18:43 . 2008-12-16 01:46 914432 ----a-w- c:\windows\system32\stapo.dll
2009-06-03 18:43 . 2008-12-16 01:46 483840 ----a-w- c:\windows\system32\stapi32.dll
2008-12-16 09:35 . 2008-12-16 09:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\TereSka\AppData\Roaming\dvdcss ----
2009-07-21 18:20 . 2009-08-03 10:27 199 ----a-w- c:\users\TereSka\AppData\Roaming\dvdcss\CACHEDIR.TAG
((((((((((((((((((((((((((((( SnapShot@2009-08-09_12.17.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 09:12 . 2009-08-09 12:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-15 09:12 . 2009-08-09 12:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-15 09:12 . 2009-08-09 12:16 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-15 09:12 . 2009-08-09 12:27 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 09:12 . 2009-08-09 12:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-15 09:12 . 2009-08-09 12:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-15 09:14 . 2009-08-09 19:23 7622 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1596429513-3520882811-2705392460-1000_UserData.bin
+ 2009-06-15 10:30 . 2009-08-09 19:12 383534 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-08-09 19:23 110862 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-09 18:44 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-09 12:11 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-09 18:44 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-09 12:11 101250 c:\windows\System32\perfc009.dat
+ 2008-12-16 02:36 . 2009-08-09 19:20 145520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 462848 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-09 12:14 . 2009-08-09 12:14 462848 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 700416 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-09 12:14 . 2009-08-09 12:14 700416 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-09 12:14 . 2009-08-09 12:14 155648 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 155648 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat
- 2009-08-09 12:14 . 2009-08-09 12:14 155648 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 155648 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 2420736 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 1572864 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-10 3055616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13593120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-14 814144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-29 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-10 2173440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0EFAFD4D-3589-42A7-ABB9-BDD989C7F74A}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{22753A40-8723-4D8D-86EE-706869E6E8E6}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{EE7DF7B4-7052-4069-8E6B-5BF5690BED2D}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{CA081895-66C8-4A75-B32D-6D4819C95776}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{3DD4FA28-327A-4BE4-81DC-8E981945AE4F}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{9B67E725-3767-4C94-A820-0728E1FEEAFB}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{A45CFAA3-881F-4EF9-997D-EFA667BC851F}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{8C608369-2C57-4F67-99FB-79E5602E44B0}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{3C179A8F-19F6-4BDD-885E-9A1E5491EE12}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{C24E1B14-1A75-4F1C-85D3-EC8A73354ECC}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{6BFB595A-ABD0-4C8C-969B-944D3DE7F194}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{C992C585-2380-4C4D-A95C-ACB589FEAEA3}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{35733EBD-E72F-4BBE-943B-C46246ECBB8E}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{A2A7390D-FA7A-486E-A716-9B1DABAA1F2A}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"{37B42DE4-0670-405A-82FD-F56B95DCBB5D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F5BFE4AF-7EB7-40B0-98EA-31BF264961F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F88B552A-A5DD-4908-9EB9-CE177FDB1D30}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E9E7E8F4-79DB-4660-9F4D-1E4E464A3AC1}c:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= UDP:c:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable
"UDP Query User{82974325-E800-4B59-82F1-1330E278190D}c:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= TCP:c:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable
"TCP Query User{75835042-6214-4225-A53C-D03701DE296A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{026BDE04-200E-4697-998D-71253599F48B}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{B3B9035F-8952-48C9-877A-CBCEB1D79488}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Průzkumník Windows
"UDP Query User{7AE608F9-9948-4DC6-B9A8-790B03892B69}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Průzkumník Windows
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [10.7.2009 9:25 142592]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [26.9.2008 3:36 59376]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe [2.3.2009 18:43 81920]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 17:24 19456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [16.12.2008 3:18 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [16.12.2008 4:57 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [24.9.2008 19:08 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [24.9.2008 19:08 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [16.9.2008 11:33 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16.12.2008 3:31 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [4.9.2008 19:47 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6.8.2008 5:29 44576]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [16.9.2008 11:33 40752]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7.8.2008 19:01 97536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\TereSka\AppData\Roaming\Mozilla\Firefox\Profiles\vkp05isg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60341&qkw=
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(2680)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2009-08-09 21:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-09 19:30
ComboFix2.txt 2009-08-09 12:26
Před spuštěním: Volných bajtů: 234 054 651 904
Po spuštění: Volných bajtů: 233 946 021 888
354 --- E O F --- 2009-08-07 15:27
and here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:31, on 8.8.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\WerFault.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.24.78.186 browser-secure.microsoft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\TereSka\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [sj] explorer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [userinit] C:\Users\Pavlínka\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters (AeLookupSvcAeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\lljcmircqw.exe
O23 - Service: Funkčnost aplikací AeLookupSvcAESTFilters (AeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\wocidcagbv.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 12148 bytes
The computer now starts up fine and everything seems to be working correctly too; the only thing is that I couldn't uninstall WinClamAVShield.. when I go to remove programs, nothing like that is offered there..
Otherwise, thanks a lot for the advice.
ComboFix 09-08-08.04 - TereSka 09.08.2009 21:15.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2044.867 [GMT 2:00]
Spuštěný z: K:\ComboFix.exe
Použité ovládací přepínače :: c:\users\TereSka\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\ezsidmv.dat"
"c:\users\TereSka\AppData\Local\d3d9caps.dat"
"c:\windows\TEMP\lljcmircqw.exe"
"c:\windows\TEMP\wocidcagbv.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DAEMON Tools Toolbar
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Webteh
c:\programdata\19284394
c:\programdata\19284394\19284394
c:\programdata\19284394\19284394.exe
c:\programdata\ezsidmv.dat
c:\users\TereSka\AppData\Local\d3d9caps.dat
c:\users\TereSka\AppData\Roaming\BSplayer Pro
c:\users\TereSka\AppData\Roaming\BSplayer Pro\BSplayer.xml
c:\users\TereSka\AppData\Roaming\BSplayer Pro\EQ.xml
c:\users\TereSka\AppData\Roaming\BSplayer
c:\users\TereSka\AppData\Roaming\lowsec
c:\users\TereSka\AppData\Roaming\lowsec\local.ds
c:\users\TereSka\AppData\Roaming\lowsec\user.ds
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AeLookupSvcAeLookupSvcAESTFilters
-------\Service_AeLookupSvcAESTFilters
-------\Service_ezSharedSvc
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\users\Matej\AppData\Local\temp
2009-08-09 19:19 . 2009-08-09 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-09 12:26 . 2009-08-09 19:22 -------- d-----w- c:\users\TereSka\AppData\Local\temp
2009-08-08 06:34 . 2009-08-08 06:34 -------- d-----w- c:\program files\Trend Micro
2009-07-26 18:32 . 2009-07-26 18:34 -------- d-----w- c:\users\Public\Nová složka
2009-07-19 18:15 . 2009-07-27 18:57 -------- d-----w- c:\users\TereSka\AppData\Roaming\dvdcss
2009-07-19 08:32 . 2009-07-19 08:32 -------- d-----w- c:\program files\EA Sports
2009-07-19 08:23 . 2009-07-19 08:23 -------- d--h--r- c:\users\TereSka\AppData\Roaming\SecuROM
2009-07-16 08:41 . 2009-07-16 13:58 -------- d-----w- c:\program files\EA GAMES
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-07-16 08:38 . 2009-07-16 08:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-16 08:35 . 2009-07-16 08:35 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-16 08:35 . 2009-07-16 08:39 -------- d-----w- c:\users\TereSka\AppData\Roaming\DAEMON Tools Lite
2009-07-15 11:54 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-07-15 08:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 08:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 08:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 08:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:48 . 2009-07-14 19:48 -------- d-----w- c:\program files\RTL
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 19:28 . 2008-12-16 09:12 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-08-09 19:28 . 2008-12-16 09:12 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-08-09 19:20 . 2008-12-16 01:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-09 19:13 . 2009-06-15 10:30 81149 ----a-w- c:\programdata\nvModes.dat
2009-08-09 09:35 . 2009-06-21 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 06:50 . 2009-06-15 13:17 -------- d-----w- c:\programdata\Spyware Terminator
2009-08-08 06:50 . 2009-06-15 13:17 -------- d-----w- c:\program files\Spyware Terminator
2009-08-07 19:48 . 2009-06-16 07:15 -------- d-----w- c:\program files\WinClamAVShield
2009-08-03 20:16 . 2009-06-23 12:13 -------- d-----w- c:\users\TereSka\AppData\Roaming\uTorrent
2009-08-03 11:36 . 2009-07-10 06:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-10 06:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 08:12 . 2009-06-15 13:17 -------- d-----w- c:\users\TereSka\AppData\Roaming\Spyware Terminator
2009-07-18 16:06 . 2009-08-01 12:47 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-01 12:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-01 12:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 08:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 19:49 . 2008-12-16 01:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 07:42 . 2009-07-10 07:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-10 07:25 . 2009-07-10 07:25 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-07-10 07:25 . 2009-07-10 07:25 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-07-10 07:25 . 2009-07-10 07:25 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-10 07:00 . 2009-07-10 07:00 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-09 13:13 . 2009-07-09 13:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-07 07:26 . 2009-06-15 20:19 -------- d-----w- c:\program files\Google
2009-06-29 14:30 . 2009-06-29 14:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 14:18 . 2009-06-29 14:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-29 14:18 . 2009-06-29 14:18 737280 ----a-w- c:\windows\iun6002.exe
2009-06-27 17:14 . 2009-06-27 17:14 -------- d-----w- c:\users\TereSka\AppData\Roaming\vlc
2009-06-27 17:14 . 2009-06-27 17:14 -------- d-----w- c:\program files\VideoLAN
2009-06-27 11:37 . 2009-06-27 11:37 514888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-24 21:04 . 2009-06-24 21:04 -------- d-----w- c:\users\TereSka\AppData\Roaming\CyberLink
2009-06-24 16:53 . 2009-06-24 16:53 -------- d-----w- c:\users\TereSka\AppData\Roaming\RadLight Company
2009-06-24 16:53 . 2009-06-24 16:53 -------- d-----w- c:\program files\RadLight Company
2009-06-24 11:00 . 2009-06-24 11:00 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 12:13 . 2009-06-23 12:13 -------- d-----w- c:\program files\uTorrent
2009-06-23 07:56 . 2009-06-23 07:40 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-22 18:04 . 2009-06-21 18:11 -------- d-----w- c:\program files\QIP
2009-06-22 08:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-22 08:48 . 2008-12-16 01:17 -------- d-----w- c:\program files\Norton Internet Security
2009-06-22 08:48 . 2008-12-16 01:53 -------- d-----w- c:\programdata\CyberLink
2009-06-22 08:48 . 2008-12-16 01:17 -------- d-----w- c:\programdata\Norton
2009-06-22 08:41 . 2008-12-16 01:17 -------- d-----w- c:\program files\NortonInstaller
2009-06-22 07:59 . 2009-06-22 07:59 -------- d-----w- c:\users\TereSka\AppData\Roaming\Macrovision
2009-06-22 07:56 . 2008-12-16 02:57 -------- d-----w- c:\program files\SMINST
2009-06-22 07:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-21 15:39 . 2009-06-21 15:38 -------- d-----w- c:\users\Matej\AppData\Roaming\Spyware Terminator
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\users\Matej\AppData\Roaming\DigitalPersona
2009-06-21 15:38 . 2009-06-21 15:38 71776 ----a-w- c:\users\Matej\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-21 10:00 . 2009-06-15 18:31 -------- d-----r- c:\program files\Skype
2009-06-21 10:00 . 2009-06-15 18:25 -------- d-----w- c:\programdata\ICQ
2009-06-21 09:40 . 2009-06-16 07:27 -------- d-----w- c:\program files\Eset
2009-06-21 09:25 . 2009-06-21 09:25 -------- d-----w- c:\users\TereSka\AppData\Roaming\Malwarebytes
2009-06-21 09:25 . 2009-06-21 09:25 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 09:11 . 2009-06-15 09:19 71776 ----a-w- c:\users\TereSka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-16 08:17 . 2009-06-15 09:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-16 08:17 . 2009-06-16 08:17 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-16 07:44 . 2008-12-16 02:25 -------- d-----w- c:\program files\Java
2009-06-15 19:07 . 2009-06-15 19:07 -------- d-----w- c:\users\TereSka\AppData\Roaming\Samsung
2009-06-15 18:59 . 2009-06-15 09:57 -------- d-----w- c:\program files\Samsung
2009-06-15 18:49 . 2009-06-15 18:32 -------- d-----w- c:\users\TereSka\AppData\Roaming\Skype
2009-06-15 18:33 . 2009-06-15 18:33 -------- d-----w- c:\users\TereSka\AppData\Roaming\skypePM
2009-06-15 18:31 . 2009-06-15 18:31 -------- d-----w- c:\programdata\Skype
2009-06-15 17:18 . 2009-06-15 17:18 -------- d-----w- c:\program files\MSXML 4.0
2009-06-15 09:51 . 2008-12-16 01:18 -------- d-----w- c:\programdata\Symantec
2009-06-15 09:20 . 2009-06-15 09:20 -------- d-----w- c:\users\TereSka\AppData\Roaming\DigitalPersona
2009-06-15 09:17 . 2009-06-15 09:17 -------- d-----w- c:\users\TereSka\AppData\Roaming\Hewlett-Packard
2009-06-15 09:16 . 2009-06-15 09:16 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 09:14 . 2009-06-15 09:14 -------- d-----w- c:\program files\MSN Messenger
2009-06-15 09:13 . 2009-06-15 09:13 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF9022XPT_E506288-223_4A_I3629_SQuanta_V18.0B_F.02_T081114_WV3-1_L405_M2045_J320_7Intel_867A_92.00_#081216_N10EC8168;14E44315_(NG679EA#AKB)_XMOBILE_CN10_Z_2F.02.MRK
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Plocha
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Šablony
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Dokumenty
2009-06-15 09:12 . 2009-06-15 09:12 -------- d-sh--we c:\programdata\Data aplikací
2009-06-03 18:43 . 2009-06-03 18:43 407040 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-06-03 18:43 . 2009-06-03 18:43 405504 ----a-w- c:\windows\system32\stcplx.dll
2009-06-03 18:43 . 2008-12-16 01:47 536576 ----a-w- c:\windows\system32\idtmini1.exe
2009-06-03 18:43 . 2008-12-16 01:47 450652 ----a-w- c:\windows\sttray.exe
2009-06-03 18:43 . 2008-12-16 01:47 3567616 ----a-w- c:\windows\system32\stlang.dll
2009-06-03 18:43 . 2008-12-16 01:47 175104 ----a-w- c:\windows\system32\staco.dll
2009-06-03 18:43 . 2008-12-16 01:46 914432 ----a-w- c:\windows\system32\stapo.dll
2009-06-03 18:43 . 2008-12-16 01:46 483840 ----a-w- c:\windows\system32\stapi32.dll
2008-12-16 09:35 . 2008-12-16 09:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\TereSka\AppData\Roaming\dvdcss ----
2009-07-21 18:20 . 2009-08-03 10:27 199 ----a-w- c:\users\TereSka\AppData\Roaming\dvdcss\CACHEDIR.TAG
((((((((((((((((((((((((((((( SnapShot@2009-08-09_12.17.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 09:12 . 2009-08-09 12:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-15 09:12 . 2009-08-09 12:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-15 09:12 . 2009-08-09 12:16 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-15 09:12 . 2009-08-09 12:27 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-15 09:12 . 2009-08-09 12:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-15 09:12 . 2009-08-09 12:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-15 09:14 . 2009-08-09 19:23 7622 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1596429513-3520882811-2705392460-1000_UserData.bin
+ 2009-06-15 10:30 . 2009-08-09 19:12 383534 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-08-09 19:23 110862 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-08-09 18:44 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-09 12:11 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-09 18:44 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-09 12:11 101250 c:\windows\System32\perfc009.dat
+ 2008-12-16 02:36 . 2009-08-09 19:20 145520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 462848 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-09 12:14 . 2009-08-09 12:14 462848 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 700416 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-09 12:14 . 2009-08-09 12:14 700416 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-09 12:14 . 2009-08-09 12:14 155648 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 155648 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat
- 2009-08-09 12:14 . 2009-08-09 12:14 155648 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 155648 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 2420736 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-09 19:20 . 2009-08-09 19:20 1572864 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-10 3055616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13593120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-26 210216]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-14 814144]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-29 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-10 2173440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0EFAFD4D-3589-42A7-ABB9-BDD989C7F74A}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{22753A40-8723-4D8D-86EE-706869E6E8E6}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{EE7DF7B4-7052-4069-8E6B-5BF5690BED2D}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{CA081895-66C8-4A75-B32D-6D4819C95776}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{3DD4FA28-327A-4BE4-81DC-8E981945AE4F}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{9B67E725-3767-4C94-A820-0728E1FEEAFB}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{A45CFAA3-881F-4EF9-997D-EFA667BC851F}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{8C608369-2C57-4F67-99FB-79E5602E44B0}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{3C179A8F-19F6-4BDD-885E-9A1E5491EE12}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{C24E1B14-1A75-4F1C-85D3-EC8A73354ECC}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{6BFB595A-ABD0-4C8C-969B-944D3DE7F194}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{C992C585-2380-4C4D-A95C-ACB589FEAEA3}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{35733EBD-E72F-4BBE-943B-C46246ECBB8E}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{A2A7390D-FA7A-486E-A716-9B1DABAA1F2A}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"{37B42DE4-0670-405A-82FD-F56B95DCBB5D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F5BFE4AF-7EB7-40B0-98EA-31BF264961F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F88B552A-A5DD-4908-9EB9-CE177FDB1D30}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E9E7E8F4-79DB-4660-9F4D-1E4E464A3AC1}c:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= UDP:c:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable
"UDP Query User{82974325-E800-4B59-82F1-1330E278190D}c:\\program files\\radlight company\\radlight 4.0\\rlkernel.exe"= TCP:c:\program files\radlight company\radlight 4.0\rlkernel.exe:Kernel Executable
"TCP Query User{75835042-6214-4225-A53C-D03701DE296A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{026BDE04-200E-4697-998D-71253599F48B}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{B3B9035F-8952-48C9-877A-CBCEB1D79488}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Průzkumník Windows
"UDP Query User{7AE608F9-9948-4DC6-B9A8-790B03892B69}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Průzkumník Windows
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [10.7.2009 9:25 142592]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [26.9.2008 3:36 59376]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe [2.3.2009 18:43 81920]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 17:24 19456]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [16.12.2008 3:18 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [16.12.2008 4:57 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [24.9.2008 19:08 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [24.9.2008 19:08 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [16.9.2008 11:33 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16.12.2008 3:31 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [4.9.2008 19:47 54784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6.8.2008 5:29 44576]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [16.9.2008 11:33 40752]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [7.8.2008 19:01 97536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = start.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\TereSka\AppData\Roaming\Mozilla\Firefox\Profiles\vkp05isg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60341&qkw=
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(2680)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2009-08-09 21:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-09 19:30
ComboFix2.txt 2009-08-09 12:26
Před spuštěním: Volných bajtů: 234 054 651 904
Po spuštění: Volných bajtů: 233 946 021 888
354 --- E O F --- 2009-08-07 15:27
and here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:31, on 8.8.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\WerFault.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.24.78.186 browser-secure.microsoft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\TereSka\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [winsvc32] winsvc32.exe
O4 - HKLM\..\Run: [sj] explorer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [userinit] C:\Users\Pavlínka\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Funkčnost aplikací AeLookupSvcAeLookupSvcAESTFilters (AeLookupSvcAeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\lljcmircqw.exe
O23 - Service: Funkčnost aplikací AeLookupSvcAESTFilters (AeLookupSvcAESTFilters) - Unknown owner - C:\Windows\TEMP\wocidcagbv.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 12148 bytes
The computer now starts up fine and everything seems to be working correctly too; the only thing is that I couldn't uninstall WinClamAVShield. When I go to remove programs, nothing like that is listed there.
Otherwise, thanks a lot for the advice.
Last edited by tereza.red on 09 Aug 2009 21:51, edited 4 times in total.