prosím o kontrolu logu HJT Vyřešeno

[Damned]

Zapnout IE. Nástroje --> Možnosti Internetu --> Připojení --> Instalace nebo nastavení.

V logu z HJT jsou jen drobnosti, ta se odstraní na závěr.

V Combofixu není nic. Toto C:\found.000 můžeš odstranit ručně.

Nevidím tam žádnou chybu a co jsem to konzultoval i postup byl také správný.

[Reklama]

[John.Ross]

reinstaloval jsem ovladač Realtek ikdyž hlásil že jede ok, tak už jsem rozchodil IE. Ted se snažím rozhýbat nod protože hlásí že .... analýza aplikačních protokolů nebude funkční (pop3, http). Asi taky tipuji reinstal.


Jak odstranit Toto C:\found.000 můžeš odstranit ručně.

[Damned]

Proveď tedy po reinstalaci NODu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

File::
C:\found.000

Folder::
C:\found.000



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


V XP je to v cleanmgr. Ve Vistě netuším.

[John.Ross]

Mezi těmito kroky jednou zatuhl, no nicméně log z Comba


ComboFix 09-06-08.03 - Jakub 09.06.2009 18:17.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3068.2048 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"C:\found.000"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\dir0000.chk\18522
c:\found.000\dir0000.chk\20622
c:\found.000\dir0000.chk\25209

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-09 do 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 16:20 . 2009-06-09 16:20 -------- d-----w- C:\temp
2009-06-09 16:20 . 2009-06-09 16:20 -------- d-----w- \temp
2009-06-09 16:15 . 2009-06-09 16:21 -------- d-s---w- \ComboFix
2009-06-09 14:40 . 2009-06-09 16:17 -------- d---a-w- \Qoobox
2009-06-04 14:41 . 2009-06-04 14:41 -------- d-----w- c:\users\Jakub\AppData\Roaming\IObit
2009-05-30 13:26 . 2009-05-30 13:26 -------- d-----w- c:\programdata\TuneUp Software
2009-05-29 19:00 . 2009-06-09 16:12 3218296832 --sha-w- \hiberfil.sys
2009-05-29 18:37 . 2009-05-29 18:37 -------- d-----w- c:\users\Jakub\AppData\Local\Abelssoft
2009-05-29 18:36 . 2009-05-30 13:05 -------- d-----w- c:\program files\CheckDrive
2009-05-29 18:24 . 2009-06-09 14:13 -------- d-----w- c:\program files\HD Tune Pro
2009-05-27 19:47 . 2009-05-27 19:47 -------- d-----w- c:\windows\system32\EventProviders
2009-05-25 16:19 . 2009-05-25 16:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 19:12 . 2009-05-21 19:12 -------- d-----w- c:\users\Jakub\Bluetooth Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 16:14 . 2009-03-29 15:39 117760 ----a-w- c:\users\Jakub\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-09 16:12 . 2009-05-29 19:00 3218296832 --sha-w- \hiberfil.sys
2009-06-09 16:12 . 2008-09-26 23:08 3532079104 --sha-w- \pagefile.sys
2009-06-09 15:56 . 2008-07-03 08:14 45226 ----a-w- c:\windows\system32\perfh005.dat
2009-06-09 15:56 . 2008-07-03 08:14 11232 ----a-w- c:\windows\system32\perfc005.dat
2009-06-09 14:16 . 2009-03-11 15:41 -------- d-----w- c:\program files\ESET
2009-06-08 22:58 . 2009-06-08 22:58 154715 ----a-w- c:\programdata\nvModes.dat
2009-06-08 10:54 . 2009-03-29 21:00 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2009-06-04 15:16 . 2008-12-11 09:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 15:16 . 2008-12-31 16:50 -------- d-----w- c:\users\Jakub\AppData\Roaming\Vso
2009-06-04 15:15 . 2008-09-26 23:18 -------- d-----w- c:\program files\IDT
2009-05-30 13:12 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 13:05 . 2009-05-29 18:36 -------- d-----w- c:\program files\CheckDrive
2009-05-29 18:16 . 2009-03-29 17:55 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-28 06:29 . 2009-03-28 20:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-25 16:19 . 2008-07-02 23:47 -------- d-----w- c:\program files\Java
2009-05-17 15:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-03 20:28 . 2009-04-11 09:21 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-02 07:57 . 2009-05-02 07:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\DAEMON Tools Lite
2009-05-02 07:51 . 2009-05-02 07:51 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-23 12:38 . 2008-12-11 09:40 104240 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-20 17:14 . 2008-07-02 22:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-03-31 13:35 . 2009-04-27 16:13 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 20:51 . 2009-03-30 20:51 131072 ----a-w- c:\users\Jakub\AppData\Roaming\Netscape\Plugins\npPxPlay.dll
2009-03-30 20:51 . 2009-03-30 20:51 131072 ----a-w- c:\users\Jakub\AppData\Roaming\Mozilla\Plugins\npPxPlay.dll
2009-03-30 15:30 . 2009-04-27 16:13 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-29 12:10 . 2008-12-31 16:50 47360 ----a-w- c:\users\Jakub\AppData\Roaming\pcouffin.sys
2009-03-29 12:10 . 2008-12-31 16:50 47360 ----a-w- c:\users\Jakub\AppData\Roaming\pcouffin.sys
2009-03-26 14:49 . 2009-03-29 16:04 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 . 2009-03-29 16:04 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-17 03:38 . 2009-04-14 20:36 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 20:36 24064 ----a-w- c:\windows\system32\amxread.dll
2008-12-11 14:23 . 2008-12-11 14:23 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_14.44.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-09 15:53 55530 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-11 11:27 . 2009-06-09 16:15 12438 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4233112114-2908975901-500652448-1000_UserData.bin
+ 2009-06-09 15:54 . 2009-06-09 15:54 10134 c:\windows\Installer\{BBC8862B-BFC8-475D-9BB8-93289703BD33}\callmsi.exe
- 2009-04-13 07:31 . 2009-04-13 07:31 10134 c:\windows\Installer\{BBC8862B-BFC8-475D-9BB8-93289703BD33}\callmsi.exe
+ 2006-11-02 10:33 . 2009-06-09 15:56 4696 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-09 14:24 4696 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-09 14:24 4504 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-09 15:56 4504 c:\windows\System32\perfc009.dat
- 2009-06-09 14:32 . 2009-06-09 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-09 15:50 . 2009-06-09 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-09 14:32 . 2009-06-09 14:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-09 15:50 . 2009-06-09 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-06-09 16:15 127776 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-09 15:54 . 2009-06-09 15:54 101480 c:\windows\Installer\{BBC8862B-BFC8-475D-9BB8-93289703BD33}\egui.exe
- 2009-04-13 07:31 . 2009-04-13 07:31 101480 c:\windows\Installer\{BBC8862B-BFC8-475D-9BB8-93289703BD33}\egui.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-02-25 2387968]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="F:\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CB9C536F-FF52-488B-B5B9-FC0434B0D0DD}"= Profile=Private|c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{CDFE03D6-0EF7-4D92-8413-AC65DB8E7229}"= Profile=Private|c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A9F2AFE6-D790-4FC9-8B88-6DFDCD984C3C}"= Profile=Private|c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B8596434-9F63-495E-83CA-B0DE49A76E14}"= Profile=Private|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1C5617A2-7F95-4690-92FA-5AA2C7B73777}"= Disabled:c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{97F84479-F4B7-4F99-AC82-4DAE792F47D1}"= Disabled:c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FDE18A1E-BDB6-4FC1-BC9D-099EF9F4820E}"= Disabled:c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2018C3C1-E123-47AA-8E53-7561E0ABDE9C}"= Disabled:c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{BDF7A2A5-C25B-4608-80E1-14075376D38F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1E23EE0E-A502-4F7C-A5CF-43B23FA0F636}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DBDC052F-A5A4-4128-8808-9E63982E30E9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4295A689-8A9B-4583-B62B-E2322E78B5BF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DD2B442F-4410-47E0-A380-BA9FF5136E77}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8601FCAD-AFBF-4472-A816-157C9B734B63}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{356F7D1F-7BB1-49CB-B681-99D3B41519BD}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{77ED968A-06D5-43F4-83C1-ECE5963A5C24}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{28E2F840-1FE0-4B31-BCD0-E87C87C2135C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.3.2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.3.2009 14:07 72944]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [27.9.2008 1:18 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6.2.2009 14:24 92800]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 16:24 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [22.8.2008 16:32 361808]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26.3.2008 18:27 595248]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [27.9.2008 1:23 280192]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [3.7.2008 1:00 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24.1.2008 15:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1.4.2008 13:14 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23.5.2008 5:29 43552]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.3.2009 14:07 7408]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26.3.2008 18:28 40752]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2.11.2006 10:32 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-06-09 c:\windows\Tasks\AWC Startup.job
- f:\programy\Advanced SystemCare 3\AWC.exe [2009-06-04 19:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 18:20
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(4636)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2009-06-09 18:22
ComboFix-quarantined-files.txt 2009-06-09 16:22

Před spuštěním: Volných bajtů: 124 838 477 824
Po spuštění: Volných bajtů: 124 745 625 600

240 --- E O F --- 2009-06-08 18:02



a log z HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:48, on 9.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
F:\programy\Advanced SystemCare 3\AWC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9384 bytes

[Damned]

V logách nevidím už nic špatného.

Spusť si HJT a fixni:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - Global Startup: Bluetooth.lnk = ?

[Damned]

Ještě se mrkni do této složky: c:\windows\system32\EventProviders znáš jí?

[John.Ross]

provedeno.


Zmiňovanou složku neznám.....

[Damned]

Tak se do ní podíváme.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

DirLook::
c:\windows\system32\EventProviders



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[John.Ross]

takže vlákno odfajfku, jako ok, protože včera se mi nasral na noťasa brácha a provedl reinstal konplet systému bez mého vědomí ( dvěma DVD - obnova systému, co se dělá záloha hned po koupi notasa) a je not. v továrním nastavení a ten jouda mi ale smázl vše co bylo v kompu od fotek až po ... porno.

Asi blbá otázka, jde to nějak získat zpět, veškerá data(fotky a dokumenty atd.) co byla v notasu před provedením tohoto drsného kroku?????????

[Damned]

Pokud provedl formát, tak asi už ne.

Zkusit hledat software s názvy: Restor, Restoration, Undelete, (File,Disk, NTFS,FAT) Recovery. Ale po formátu bych moc nevěřil.