Infostealer.Gampass aneb jak se te infekce zbavit?!

[jaro3]

Jedná se mi hlavně o toto:
c:\windows\System32\drivers\mchInjDrv.sys
V logu z CF je, zkus to znovu na VirusTotal, kouknu se zítra , dnes už ne..

[Reklama]

[Jerryan]

jo jinak ten SpywareHunter se cirou náhodou už odinstalovala, se Spybotem udělám tedy taky krátký proces (jen tak mimochodem, znamená to že ten ResetTeaTimer.bat soubor už nebude třeba?!) a budu spoléhat jen na Nortona, ačkoli..no doufejme že má pořádný brnění..jak se mi sem ale dostal ten Infostealer

[Jerryan]

kdepak, ani tam ani onde, proste nic "0 bytes size received"

nic, zkusím to zase přes ty logy..

[Jerryan]

ComboFix 09-02-10.01 - Jerryan 2009-02-10 22:14:50.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.3070.1941 [GMT 1:00]
Spuštěný z: c:\users\Jerryan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jerryan\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-10 do 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 10:36 . 2009-02-10 10:36 <DIR> d-------- c:\program files\Enigma Software Group
2009-02-10 02:01 . 2009-02-10 02:01 <DIR> d-------- c:\programdata\Symantec Temporary Files
2009-02-09 23:07 . 2009-02-09 23:07 <DIR> d-------- c:\users\Jerryan\AppData\Roaming\Malwarebytes
2009-02-09 23:07 . 2009-02-09 23:07 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-09 23:07 . 2009-02-10 00:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 23:07 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-09 23:07 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-09 21:34 . 2009-02-09 21:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-09 04:04 . 2009-02-09 04:04 <DIR> d-------- c:\users\Jerryan\AppData\Roaming\DivX
2009-02-09 00:29 . 2009-02-09 00:29 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-02-09 00:28 . 2009-02-09 00:29 <DIR> d-------- c:\program files\DivX
2009-02-07 21:36 . 2009-02-10 16:00 <DIR> d-------- c:\users\Jerryan\AppData\Roaming\skypePM
2009-02-07 21:36 . 2009-02-07 21:36 56 --ah----- c:\programdata\ezsidmv.dat
2009-02-07 21:32 . 2009-02-10 17:42 <DIR> d-------- c:\users\Jerryan\AppData\Roaming\Skype
2009-02-07 21:31 . 2009-02-07 21:31 <DIR> d-------- c:\programdata\Skype
2009-02-07 21:31 . 2009-02-07 21:31 <DIR> dr------- c:\program files\Skype
2009-02-07 21:31 . 2009-02-07 21:31 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-31 12:28 . 2009-01-31 12:28 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-24 08:06 . 2009-01-24 08:07 <DIR> d-------- c:\program files\The KMPlayer
2009-01-15 12:22 . 2009-01-15 12:24 <DIR> d-------- c:\users\Jerryan\AppData\Roaming\Vso
2009-01-15 12:22 . 2009-01-15 12:22 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-01-15 12:22 . 2009-01-15 12:22 47,360 --a------ c:\users\Jerryan\AppData\Roaming\pcouffin.sys
2009-01-15 12:21 . 2009-01-15 12:22 <DIR> d-------- c:\program files\DVDFab 5
2009-01-14 19:41 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 10:02 . 2009-01-13 10:02 <DIR> d-------- c:\programdata\LightScribe
2009-01-13 00:20 . 2009-02-09 00:28 28,029 --a------ c:\programdata\nvModes.dat
2009-01-10 09:55 . 2009-01-10 09:55 <DIR> d-------- c:\program files\Perry Rhodan

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 01:24 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-10 01:23 --------- d-----w c:\programdata\Symantec
2009-02-06 17:36 --------- d-----w c:\program files\QIP
2009-01-28 12:56 --------- d-----w c:\users\Jerryan\AppData\Roaming\COWON
2009-01-24 09:20 --------- d-----w c:\program files\JetAudio
2009-01-15 05:53 --------- d-----w c:\program files\Windows Mail
2009-01-12 23:24 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-12 23:24 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-12 23:24 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-12 23:24 --------- d-----w c:\program files\Symantec
2009-01-08 06:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 06:39 --------- d-----w c:\program files\Common Files\COWON
2009-01-08 06:38 --------- d-----w c:\users\Jerryan\AppData\Roaming\InstallShield
2009-01-07 14:36 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-07 13:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-07 10:51 --------- d-----w c:\programdata\InstallShield
2009-01-07 10:50 --------- d-----w c:\users\Jerryan\AppData\Roaming\Games
2009-01-07 10:50 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 10:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 10:48 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2009-01-07 10:48 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2009-01-07 10:38 --------- d-----w c:\program files\Hypermax
2009-01-07 10:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-04 22:59 0 ----a-w c:\windows\system32\drivers\1043_ASUSTeK_M50Vc.alu
2009-01-04 22:49 --------- d-----w c:\users\Jerryan\AppData\Roaming\Symantec
2009-01-04 22:47 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-07-02 02:28 61,440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 51,962 ----a-w c:\program files\Common Files\banner.jpg
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-06-12 17:34 35,822 ----a-w c:\program files\Common Files\ASPG_icon.ico
2008-06-30 12:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-10-25 20:14 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-10_18.38.53.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-10 17:37:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-10 21:17:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-10 21:17:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-10 17:37:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-10 21:17:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-10 21:17:57 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-10 17:31:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-10 20:43:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-10 17:31:27 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 20:43:43 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-10 17:31:27 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-10 20:43:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-10 17:33:35 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-10 21:14:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-02-10 17:15:59 5,508 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3140138334-4014820688-2106943853-1000_UserData.bin
+ 2009-02-10 19:46:27 6,048 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3140138334-4014820688-2106943853-1000_UserData.bin
- 2009-02-10 17:15:59 90,790 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-10 19:46:26 91,028 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-10 17:15:58 36,942 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-10 19:46:25 37,210 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-25 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-25 30192]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-25 3054136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2008-02-09 152952]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-07-30 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1374298C-0AF8-4CFB-B299-7C016418CE75}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7B6CD2D2-B257-40A7-BE29-924A1731216A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-10-25 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090129.001\IDSvix86.sys [2009-01-30 270384]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-10-25 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-06 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-05 99376]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-10-25 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-06-25 3662848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-10-25 29736]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-25 30192]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-10-25 110576]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-02-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Jerryan.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 08:04]

2009-02-10 c:\windows\Tasks\User_Feed_Synchronization-{C87680E1-311A-485B-9285-6EA553FA4531}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Doplňkový sken -------
.
uStart Page = www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
FF - ProfilePath - c:\users\Jerryan\AppData\Roaming\Mozilla\Firefox\Profiles\lwfu7pxk.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 22:18:00
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(6100)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\ASUS\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\windows\System32\rundll32.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Celkový čas: 2009-02-10 22:20:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-10 21:20:45
ComboFix2.txt 2009-02-10 19:00:22
ComboFix3.txt 2009-02-10 17:40:29

Před spuštěním: Volných bajtů: 116 177 969 152
Po spuštění: Volných bajtů: 116,134,567,936

258 --- E O F --- 2009-01-15 05:53:14

[Jerryan]

(zase mi na začátku vyskočilo to okno s upozorněním)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:57, on 9.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9463 bytes

[jaro3]

Máš starý HJT, odinstaluj a smaž všechny HJT , co máš v compu a stáhni nový.
Ještě jeden script v CF(deaktivuj antivir i firewall.):

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=-
"InternetSettingsDisableNotify"=-
-"AutoUpdateDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000


Vlož sem zase log z CF a HJT.
Pokud odinstaluješ Spybot, můžeš smazat ResetTeaTimer.bat

[Jerryan]

HJT mám "Trend Micro HijackThis v2.0.2" a novější verzi nikde ke stáhnutí nevidím..

Než odinstaluju Spybota, mám vrátit některé změny, které jsem s ním udělala..?!

..jdu na ten script, antivir deaktivuju, ale firewall jsem žádný neinstalovala, když by měl ten NIS údajně zvládat i jeho funkci

[jaro3]

Nemyslel jsem novější verzi , ale máš staré datum skenu...musí tam být aktuální datum a čas, odinstaluj Spybota i se zálohama , vše smaž i to Recovery.
NIS má tuším vlastní firewall.

[Jerryan]

chtěla jsem poslat ten log z Combofixu ale.."Vaše zpráva obsahuje 496991 znaků. Maximální povolený počet znaků je 60000."...tak to přiložím..aha tak to nechce vzít ani příponu z notepadu ani z wordu..co teď?!

[jaro3]

Pošli to sem :
http://www.edisk.cz/
a vlož sem jen odkaz na stažení.

[Jerryan]

tady je alespoň jeden z Hijacku..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:11, on 13.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7935 bytes

[jaro3]

Chtělo by to poslat ještě ten log z CF, třeba na ten EDISK.