Problém se samovypínáním- prosím o radu+kontrolu logu Vyřešeno

[DarthM]

Tady jsou oba logy:

Combofix:

ComboFix 10-07-07.02 - DarthMapiik 08.07.2010 19:50:01.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1906 [GMT 2:00]
Spuštěný z: c:\users\DarthMapiik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DarthMapiik\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\nvModes.dat"
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\nvModes.dat
c:\windows\bthservsdp.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-08 do 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 17:56 . 2010-07-08 17:56 -------- d-----w- c:\users\DarthMapiik\AppData\Local\temp
2010-07-08 17:56 . 2010-07-08 17:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-08 17:56 . 2010-07-08 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-08 17:38 . 2010-07-08 17:38 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Avira
2010-07-08 17:35 . 2010-07-08 17:35 -------- d-----w- c:\programdata\Avira
2010-07-08 17:35 . 2010-07-08 17:35 -------- d-----w- c:\program files\Avira
2010-07-08 17:35 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-08 17:35 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-08 17:35 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-08 17:35 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-07 20:44 . 2010-07-07 20:44 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Ubisoft
2010-07-07 20:38 . 2010-07-07 20:38 -------- d-----w- c:\programdata\Ubisoft
2010-07-07 20:25 . 2010-07-07 20:25 -------- d-----w- c:\program files\Ubisoft
2010-06-25 22:20 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 22:20 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 22:20 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 22:20 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 22:20 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 14:31 . 2010-06-24 14:31 -------- d-----w- c:\users\DarthMapiik\AppData\Local\Blizzard Entertainment
2010-06-24 01:00 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 01:00 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 14:15 . 2010-06-22 14:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-14 10:40 . 2010-06-14 10:40 -------- d-----w- c:\users\DarthMapiik\AppData\Local\ESET
2010-06-13 15:47 . 2010-06-13 15:47 388096 ----a-r- c:\users\DarthMapiik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 15:47 . 2010-06-13 15:47 -------- d-----w- c:\program files\Trend Micro
2010-06-12 18:53 . 2010-06-12 18:54 -------- d-----w- c:\programdata\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 14:14 . 2009-02-10 16:24 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Skype
2010-07-08 14:03 . 2008-12-25 17:06 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\skypePM
2010-07-07 20:25 . 2008-08-25 07:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 09:39 . 2009-10-08 12:50 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\HpUpdate
2010-06-12 18:59 . 2009-06-06 14:22 -------- d-----w- c:\program files\World of Warcraft
2010-06-10 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 10:34 . 2009-02-07 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 21:00 . 2009-04-12 15:42 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\BSplayer PRO
2010-05-26 17:06 . 2010-06-09 23:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 21:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 01:44 . 2008-08-25 16:52 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 01:44 . 2008-08-25 16:52 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 19:15 . 2010-06-09 23:03 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-09 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-09 23:03 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-25 17:50 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-24 01:00 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-24 01:00 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-24 01:00 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-24 01:00 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-15 16:49 . 2010-05-31 09:03 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2008-12-13 16:26 . 2008-12-13 16:26 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 16:57 . 2008-08-25 16:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\DarthMapiik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-7-7 967304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,5d,29,74,2f,35,ca,01

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-06 721904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-06-10 280320]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]
S4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-07-04 c:\windows\Tasks\HPCeeScheduleForDarthMapiik.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-25 13:14]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{714C6C7C-6E08-4D31-A69A-0A12806FECDD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\DarthMapiik\AppData\Roaming\Mozilla\Firefox\Profiles\qfixrn77.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 19:56
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3318421249-2765219606-1610843266-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:08,31,54,20,cd,50,63,43,10,ce,ae,8f,dd,36,c7,36,dd,80,1c,63,e7,
d9,6b,f3,20,68,82,1f,bd,de,9b,c4,43,e5,9d,66,6f,b6,6b,b3,64,44,45,cb,42,5f,\
"rkeysecu"=hex:ad,d5,33,c8,6c,09,84,4e,ab,12,58,4a,94,03,c2,8e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-07-08 19:59:18
ComboFix-quarantined-files.txt 2010-07-08 17:59
ComboFix2.txt 2010-07-08 16:09
ComboFix3.txt 2010-06-14 11:11

Před spuštěním: Volných bajtů: 119 736 012 800
Po spuštění: Volných bajtů: 119 671 910 400

- - End Of File - - E1AFAE7A209A55ABE09EB32DC22A3889



HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:37, on 8.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9584 bytes

[Reklama]

[jaro3]

Odinstaluj:
ICQToolBar
AOL Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\users\DarthMapiik\AppData\Local\ESET

Driver::
ehdrv
epfwwfp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[DarthM]

ComboFix:

ComboFix 10-07-07.02 - DarthMapiik 08.07.2010 20:43:08.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1815 [GMT 2:00]
Spuštěný z: c:\users\DarthMapiik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DarthMapiik\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\DarthMapiik\AppData\Local\ESET

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EHDRV
-------\Legacy_EPFWWFP
-------\Service_ehdrv
-------\Service_epfwwfp


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-08 do 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-08 18:48 . 2010-07-08 18:52 -------- d-----w- c:\users\DarthMapiik\AppData\Local\temp
2010-07-08 18:48 . 2010-07-08 18:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-08 18:48 . 2010-07-08 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-08 17:38 . 2010-07-08 17:38 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Avira
2010-07-08 17:35 . 2010-07-08 17:35 -------- d-----w- c:\programdata\Avira
2010-07-08 17:35 . 2010-07-08 17:35 -------- d-----w- c:\program files\Avira
2010-07-08 17:35 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-08 17:35 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-08 17:35 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-08 17:35 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-07 20:44 . 2010-07-07 20:44 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Ubisoft
2010-07-07 20:38 . 2010-07-07 20:38 -------- d-----w- c:\programdata\Ubisoft
2010-07-07 20:25 . 2010-07-07 20:25 -------- d-----w- c:\program files\Ubisoft
2010-06-25 22:20 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 22:20 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 22:20 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 22:20 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 22:20 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 14:31 . 2010-06-24 14:31 -------- d-----w- c:\users\DarthMapiik\AppData\Local\Blizzard Entertainment
2010-06-24 01:00 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 01:00 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 14:15 . 2010-06-22 14:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-13 15:47 . 2010-06-13 15:47 -------- d-----w- c:\program files\Trend Micro
2010-06-12 18:53 . 2010-06-12 18:54 -------- d-----w- c:\programdata\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 18:51 . 2010-07-08 18:19 93035 ----a-w- c:\programdata\nvModes.dat
2010-07-08 14:14 . 2009-02-10 16:24 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Skype
2010-07-08 14:03 . 2008-12-25 17:06 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\skypePM
2010-07-07 20:25 . 2008-08-25 07:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 09:39 . 2009-10-08 12:50 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\HpUpdate
2010-06-13 15:47 . 2010-06-13 15:47 388096 ----a-r- c:\users\DarthMapiik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-12 18:59 . 2009-06-06 14:22 -------- d-----w- c:\program files\World of Warcraft
2010-06-10 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 10:34 . 2009-02-07 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 21:00 . 2009-04-12 15:42 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\BSplayer PRO
2010-05-26 17:06 . 2010-06-09 23:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 21:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 01:44 . 2008-08-25 16:52 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 01:44 . 2008-08-25 16:52 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 19:15 . 2010-06-09 23:03 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-09 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-09 23:03 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-25 17:50 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-24 01:00 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-24 01:00 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-24 01:00 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-24 01:00 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-15 16:49 . 2010-05-31 09:03 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2008-12-13 16:26 . 2008-12-13 16:26 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 16:57 . 2008-08-25 16:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\DarthMapiik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-7-7 967304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,5d,29,74,2f,35,ca,01

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-06 721904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-06-10 280320]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-07-04 c:\windows\Tasks\HPCeeScheduleForDarthMapiik.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-25 13:14]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{714C6C7C-6E08-4D31-A69A-0A12806FECDD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\DarthMapiik\AppData\Roaming\Mozilla\Firefox\Profiles\qfixrn77.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 20:52
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3318421249-2765219606-1610843266-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:08,31,54,20,cd,50,63,43,10,ce,ae,8f,dd,36,c7,36,dd,80,1c,63,e7,
d9,6b,f3,20,68,82,1f,bd,de,9b,c4,43,e5,9d,66,6f,b6,6b,b3,64,44,45,cb,42,5f,\
"rkeysecu"=hex:ad,d5,33,c8,6c,09,84,4e,ab,12,58,4a,94,03,c2,8e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(3304)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2010-07-08 20:59:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-08 18:59
ComboFix2.txt 2010-07-08 17:59
ComboFix3.txt 2010-07-08 16:09
ComboFix4.txt 2010-06-14 11:11

Před spuštěním: Volných bajtů: 127 073 927 168
Po spuštění: Volných bajtů: 127 103 528 960

- - End Of File - - B0A3501984FC46E32A3B99D0F9BC1276


HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:00:05, on 8.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Registration Assassin.LNK = C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 7835 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou )

na plochu a spusť ho.
Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění)a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.