preventivní kontrolu prosím

John.Ross · Příspěvekod **John.Ross** » 28 čer 2009 23:49

Ahoj zkušení, zejména Jaro3, deamned a všichni co rozumíte HJT........... Smekám.

Prosím o preventívku noťasu. nějak se mi nezdá, je i pomalejší než před reinstalem PC. Holt tvrdý to postup, už to nikdy neudělám.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:41, on 28.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Program Files\SUPERAntiSpyware.exe
F:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5357541428
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5357803219
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62CDC86-5A44-4B72-984C-157995497023}: NameServer = 213.155.229.197
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - F:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 6751 bytes

Děkuji za ochotu.

Reklama

Příspěvekod **jaro3** » 29 čer 2009 08:12

Toto jsi tam dával sám:
F:\Program Files\SUPERAntiSpyware.exe ? --smazat
Měl bys to mít takto:
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

John.Ross · Příspěvekod **John.Ross** » 29 čer 2009 17:11

Ahoj,
jasně "F:\Program Files\SUPERAntiSpyware.exe ? --smazat" špatně umístěno, odinstaloval jsem ho.
Provedl Fix, atd.

Položky

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
jsem zkoušel fixnout, a na dalším scanu HJT jsou zpět.

Přikládám MBAM a nový HJT.

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2347
Windows 6.0.6001 Service Pack 1

29.6.2009 16:53:12
mbam-log-2009-06-29 (16-53-12).txt

Typ skenu: Rychlý sken
Objektu skenováno: 73190
Uplynulý cas: 2 minute(s), 42 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

a HJT po celém procesu. (asi zbytečně ale iniciativně :lol:

)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:01, on 29.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5357541428
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5357803219
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62CDC86-5A44-4B72-984C-157995497023}: NameServer = 213.155.229.197
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - F:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 5914 bytes

Příspěvekod **jaro3** » 29 čer 2009 20:06

takže zkusíme ještě toto:

Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

John.Ross · Příspěvekod **John.Ross** » 29 čer 2009 21:02

postupoval jsem přesně, spustil jsem Combofix, zhruba minutu jel a najednou Modrá obrazovka, vyfotil jsem ji, tak přikládám.

tak nevím, co se děje.

asi to spraví Basebaaaaaaaaallka :evil:

http://twio.cz/aaww

Příspěvekod **jaro3** » 29 čer 2009 21:26

Ještě počkej , na to je ještě čas..

Zkus spustit Combofix v nouz. režimu.

John.Ross · Příspěvekod **John.Ross** » 29 čer 2009 22:04

Combo mi to vždy tak rozštípe (z mého pohledu), dokonce i připojení, norm. smázne i bránu. to jen mimochodem.

Jinak v nouzáku to pěkně fičí, maká tak jak byl v kondici, nyní je marod a já budu taky.

Tak log z Combofixu.

ComboFix 09-06-29.01 - Jakub 29.06.2009 21:38.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3068.2648 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Desktop.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 19:41 . 2009-06-29 19:41 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2009-06-29 14:35 . 2009-06-29 14:35 -------- d-----w- c:\program files\Trend Micro
2009-06-28 20:30 . 2009-06-28 20:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-28 20:30 . 2009-06-29 14:27 -------- d-----w- c:\users\Jakub\AppData\Roaming\SUPERAntiSpyware.com
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2009-06-28 20:12 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 20:12 . 2009-06-28 20:12 -------- d-----w- c:\programdata\Malwarebytes
2009-06-28 20:12 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\users\Jakub\AppData\Roaming\mojosoft
2009-06-24 20:27 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-24 20:27 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-24 20:07 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-06-24 19:51 . 2006-03-17 12:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-06-24 19:51 . 2006-03-17 09:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-06-24 19:51 . 2006-03-17 09:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-06-24 19:51 . 2006-03-17 09:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-06-24 19:51 . 2006-03-17 09:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-06-24 19:51 . 2009-06-24 19:52 -------- d-----w- c:\program files\Nero8lite
2009-06-24 19:51 . 2009-06-24 19:51 -------- d-----w- c:\programdata\Nero
2009-06-24 16:48 . 2009-06-24 17:06 -------- d-----w- c:\users\Jakub\AppData\Local\The Weather Channel
2009-06-22 05:37 . 2009-06-22 05:37 -------- d-----w- c:\users\Jakub\AppData\Roaming\Nero
2009-06-22 05:37 . 2009-06-22 05:37 -------- d-----w- c:\programdata\LightScribe
2009-06-21 21:34 . 2009-06-21 21:35 -------- d-----w- c:\program files\Adobe(0)
2009-06-20 14:00 . 2009-06-22 16:49 -------- d-----w- c:\program files\The KMPlayer
2009-06-18 20:37 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2009-06-18 20:37 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-17 23:48 . 2009-06-18 00:01 -------- d-----w- c:\users\Jakub\AppData\Local\Microsoft Games
2009-06-17 12:44 . 2009-06-24 09:02 -------- d-----w- c:\users\Jakub\AppData\Roaming\CyberLink
2009-06-17 12:44 . 2009-06-17 12:44 -------- d-----w- c:\users\Public\CyberLink
2009-06-14 10:29 . 2009-06-14 10:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 12:57 . 2009-06-27 22:18 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2009-06-11 12:56 . 2009-06-11 12:56 -------- d-----w- c:\users\Jakub\.thumbnails
2009-06-11 12:26 . 2009-06-27 22:19 -------- d-----w- c:\users\Jakub\.gimp-2.6
2009-06-11 12:26 . 2009-06-11 12:26 -------- d-----w- c:\users\Jakub\.gegl-0.0
2009-06-11 12:25 . 2009-06-11 12:25 -------- d-----w- c:\program files\GIMP-2.0
2009-06-11 07:03 . 2009-06-22 16:44 -------- d-----w- c:\users\Jakub\AppData\Roaming\Ahead
2009-06-11 06:44 . 2009-06-21 18:49 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-11 06:17 . 2009-06-24 19:51 -------- d-----w- c:\program files\Common Files\Nero
2009-06-11 06:12 . 2009-06-11 06:12 -------- d-----w- c:\program files\ESTsoft
2009-06-11 06:10 . 2009-06-11 06:10 -------- d-----w- c:\users\Jakub\AppData\Local\ESET
2009-06-10 17:02 . 2009-06-24 19:57 -------- d-----w- c:\program files\7-Zip
2009-06-10 13:13 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 13:13 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 12:59 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2009-06-10 12:58 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 12:34 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-10 12:34 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-10 12:34 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-10 12:34 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-10 12:34 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-10 12:34 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-10 12:34 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-10 12:28 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-10 12:28 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-10 12:28 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-10 12:28 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-10 12:28 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-10 12:24 . 2009-06-10 12:24 -------- d-----w- c:\program files\MSXML 4.0
2009-06-10 12:16 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-06-10 12:16 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-06-10 12:16 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-10 12:13 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-10 12:13 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-10 12:05 . 2009-06-10 12:05 -------- d-----w- c:\program files\ESET
2009-06-10 06:44 . 2009-06-10 06:44 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-06-10 06:09 . 2009-05-19 21:27 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090604.001\SymIDSI.dll
2009-06-10 06:02 . 2008-04-29 03:54 181760 ----a-w- c:\windows\system32\fsquirt.exe
2009-06-10 05:51 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-10 05:51 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-10 05:51 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-10 05:51 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-10 05:51 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-10 05:51 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-10 05:51 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-10 05:51 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-10 05:51 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\users\Jakub\AppData\Roaming\IObit
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\program files\IObit
2009-06-09 21:38 . 2009-06-09 21:38 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-06-09 21:30 . 2009-06-09 21:39 -------- d-----w- c:\users\Jakub\AppData\Local\MigWiz
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\users\Jakub\AppData\Roaming\Symantec
2009-06-09 21:29 . 2009-06-24 19:06 -------- d-----w- c:\users\Jakub\AppData\Local\QuickPlay
2009-06-09 21:29 . 2009-06-24 21:28 66688 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\users\Jakub\AppData\Roaming\DigitalPersona
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\users\Jakub\AppData\Local\DigitalPersona
2009-06-09 21:26 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2009-06-09 21:25 . 2009-06-09 21:25 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 21:23 . 2009-06-24 19:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 21:22 . 2009-06-09 21:22 -------- d-----w- c:\users\Jakub\AppData\Roaming\Macrovision
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Soubory cookie
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Okolní tiskárny
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Okolní síť
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Šablony
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Nabídka Start
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Dokumenty
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Data aplikací
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Plocha
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Šablony
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Dokumenty
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Data aplikací
2009-06-09 21:17 . 2009-06-29 15:37 836 ----a-w- c:\windows\bthservsdp.dat
2009-06-09 21:11 . 2009-06-09 21:11 -------- d-----w- c:\programdata\NVIDIA
2009-06-09 21:10 . 2009-06-17 12:44 -------- d-----w- c:\programdata\CyberLink
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\tr
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\ru
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\ko
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\ja
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\it
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\fr
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\es
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\de
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\DPDrv
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\program files\DigitalPersona
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\programdata\Macrovision
2009-06-09 21:04 . 2009-06-09 21:04 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-09 21:00 . 2009-06-09 21:00 -------- d-----w- c:\windows\system32\HPMDP
2009-06-09 21:00 . 2008-03-06 03:39 252 ----a-w- c:\windows\system32\AP6RMJH.BIN
2009-06-09 20:58 . 2008-03-26 11:15 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-06-09 20:57 . 2009-06-09 20:57 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-06-09 20:57 . 2009-06-09 20:57 3141632 ----a-w- c:\windows\system32\bcmihvui.dll
2009-06-09 20:57 . 2009-06-09 20:57 -------- d-----w- c:\program files\Broadcom
2009-06-09 20:57 . 2009-06-09 20:57 3481600 ----a-w- c:\windows\system32\bcmihvsrv.dll
2009-06-09 20:57 . 2009-06-09 20:57 1207288 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 18:39 . 2008-07-03 08:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-06-29 18:39 . 2008-07-03 08:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-06-29 18:33 . 2009-06-09 21:04 42559 ----a-w- c:\programdata\nvModes.dat
2009-06-29 18:26 . 2009-06-09 20:45 3218328101 ----a-w- c:\windows\DUMP43d2.tmp
2009-06-24 19:06 . 2008-07-02 22:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-24 18:32 . 2009-06-24 18:32 -------- d-----w- c:\windows\Fonts\AdvUninstal
2009-06-22 17:15 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 17:08 . 2008-07-02 23:41 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-14 10:29 . 2008-07-02 23:47 -------- d-----w- c:\program files\Java
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 07:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 07:23 . 2008-07-02 22:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-10 18:22 . 2008-07-02 22:37 -------- d-----w- c:\programdata\Symantec
2009-06-10 13:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-09 21:53 . 2009-06-09 21:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-09 21:22 . 2009-06-09 21:22 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8422NX9_E465478-224_4A_I3603_SQuanta_V02.20_F.0C_T080918_WV3-1_L405_M3069_J320_7Intel_86FD_92.00_#090609_N10EC8168;14E44315_(FV769EA#AKB)_XMOBILE_CN10_Z_2F.0C.MRK
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Data aplikací
2009-06-09 21:08 . 2008-07-02 23:32 -------- d-----w- c:\program files\CyberLink
2009-06-09 21:00 . 2009-06-09 21:00 -------- d-----w- c:\program files\AVerMedia
2009-06-09 21:00 . 2009-06-09 20:58 -------- d-----w- c:\program files\Intel
2009-06-09 20:56 . 2009-06-09 20:56 -------- d-----w- c:\program files\Realtek
2009-06-09 20:56 . 2009-06-09 20:55 -------- d-----w- c:\program files\IDT
2009-06-09 20:53 . 2009-06-09 20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-23 12:43 . 2009-06-10 06:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 06:04 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 06:04 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CB9C536F-FF52-488B-B5B9-FC0434B0D0DD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{CDFE03D6-0EF7-4D92-8413-AC65DB8E7229}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A9F2AFE6-D790-4FC9-8B88-6DFDCD984C3C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{41598220-F6EE-4844-9A1B-FFE3ECB1FE2E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31.10.2008 7:09 270888]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24.1.2008 15:23 52736]
S1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21.6.2008 4:54 66600]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [9.6.2009 22:55 73728]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6.2.2009 14:24 92800]
S2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 16:24 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [3.7.2008 1:42 341328]
S2 SbPF.Launcher;SbPF.Launcher;f:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;f:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26.3.2008 18:27 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [9.6.2009 23:00 280192]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [3.7.2008 1:00 193840]
S3 DfSdkS;Defragmentation-Service;f:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [24.6.2009 23:01 410976]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1.4.2008 13:14 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23.5.2008 5:29 43552]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [24.6.2009 22:07 65576]
S3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26.3.2008 18:28 40752]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2009-06-10 11:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)

.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 21:41
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(564)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2009-06-29 21:42
ComboFix-quarantined-files.txt 2009-06-29 19:42

Před spuštěním: Volných bajtů: 164 281 544 704
Po spuštění: Volných bajtů: 164 206 395 392

267 --- E O F --- 2009-06-29 18:16

Příspěvekod **jaro3** » 30 čer 2009 08:06

S tím Combofixem se to opravdu někdy stane ( brána ap.)..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\bthservsdp.dat
c:\programdata\nvModes.dat
c:\windows\DUMP43d2.tmp

Folder::
c:\windows\DUMP43d2.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

John.Ross · Příspěvekod **John.Ross** » 30 čer 2009 19:53

Provedeno, jen v průbehu scriptování sunbelt hlásil "průnik" ale žádnou volbu nenabídl, takže jen "zavřít" jinak nic, jen jsem přemýšlel, jestli scriptování neprovést v nouzovém režimu, ale nějak to dopadlo.

TRady jsou příslušné logy:

ComboFix 09-06-29.01 - Jakub 30.06.2009 19:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3068.2067 [GMT 2:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jakub\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

FILE ::
"c:\programdata\nvModes.dat"
"c:\windows\bthservsdp.dat"
"c:\windows\DUMP43d2.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\nvModes.dat
c:\windows\bthservsdp.dat
c:\windows\DUMP43d2.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 17:28 . 2009-06-30 17:31 -------- d-----w- c:\users\Jakub\AppData\Local\temp
2009-06-29 22:14 . 2009-06-29 22:14 -------- d-----w- c:\users\Jakub\AppData\Local\Adobe
2009-06-29 21:06 . 2009-06-29 21:06 514888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-29 14:35 . 2009-06-29 14:35 -------- d-----w- c:\program files\Trend Micro
2009-06-28 20:30 . 2009-06-28 20:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-28 20:30 . 2009-06-29 14:27 -------- d-----w- c:\users\Jakub\AppData\Roaming\SUPERAntiSpyware.com
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\users\Jakub\AppData\Roaming\Malwarebytes
2009-06-28 20:12 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 20:12 . 2009-06-28 20:12 -------- d-----w- c:\programdata\Malwarebytes
2009-06-28 20:12 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 20:30 . 2009-06-25 20:30 -------- d-----w- c:\users\Jakub\AppData\Roaming\mojosoft
2009-06-24 20:27 . 2009-01-09 10:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-24 20:27 . 2009-01-09 10:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-24 20:07 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-06-24 19:51 . 2006-03-17 12:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-06-24 19:51 . 2006-03-17 09:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-06-24 19:51 . 2006-03-17 09:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-06-24 19:51 . 2006-03-17 09:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-06-24 19:51 . 2006-03-17 09:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-06-24 19:51 . 2009-06-24 19:52 -------- d-----w- c:\program files\Nero8lite
2009-06-24 19:51 . 2009-06-24 19:51 -------- d-----w- c:\programdata\Nero
2009-06-24 16:48 . 2009-06-24 17:06 -------- d-----w- c:\users\Jakub\AppData\Local\The Weather Channel
2009-06-22 05:37 . 2009-06-22 05:37 -------- d-----w- c:\users\Jakub\AppData\Roaming\Nero
2009-06-22 05:37 . 2009-06-22 05:37 -------- d-----w- c:\programdata\LightScribe
2009-06-21 21:34 . 2009-06-21 21:35 -------- d-----w- c:\program files\Adobe(0)
2009-06-20 14:00 . 2009-06-22 16:49 -------- d-----w- c:\program files\The KMPlayer
2009-06-18 20:37 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2009-06-18 20:37 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-06-17 23:48 . 2009-06-18 00:01 -------- d-----w- c:\users\Jakub\AppData\Local\Microsoft Games
2009-06-17 12:44 . 2009-06-24 09:02 -------- d-----w- c:\users\Jakub\AppData\Roaming\CyberLink
2009-06-17 12:44 . 2009-06-17 12:44 -------- d-----w- c:\users\Public\CyberLink
2009-06-14 10:29 . 2009-06-14 10:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 12:57 . 2009-06-27 22:18 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2009-06-11 12:56 . 2009-06-11 12:56 -------- d-----w- c:\users\Jakub\.thumbnails
2009-06-11 12:26 . 2009-06-27 22:19 -------- d-----w- c:\users\Jakub\.gimp-2.6
2009-06-11 12:26 . 2009-06-11 12:26 -------- d-----w- c:\users\Jakub\.gegl-0.0
2009-06-11 12:25 . 2009-06-11 12:25 -------- d-----w- c:\program files\GIMP-2.0
2009-06-11 07:03 . 2009-06-22 16:44 -------- d-----w- c:\users\Jakub\AppData\Roaming\Ahead
2009-06-11 06:44 . 2009-06-21 18:49 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-11 06:17 . 2009-06-24 19:51 -------- d-----w- c:\program files\Common Files\Nero
2009-06-11 06:12 . 2009-06-11 06:12 -------- d-----w- c:\program files\ESTsoft
2009-06-11 06:10 . 2009-06-11 06:10 -------- d-----w- c:\users\Jakub\AppData\Local\ESET
2009-06-10 17:02 . 2009-06-24 19:57 -------- d-----w- c:\program files\7-Zip
2009-06-10 13:13 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-10 13:13 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 12:59 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2009-06-10 12:58 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 12:34 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-10 12:34 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-10 12:34 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-10 12:34 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-10 12:34 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-10 12:34 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-10 12:34 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-10 12:28 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-10 12:28 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-10 12:28 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-10 12:28 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-10 12:28 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-10 12:24 . 2009-06-10 12:24 -------- d-----w- c:\program files\MSXML 4.0
2009-06-10 12:16 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-06-10 12:16 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-06-10 12:16 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-10 12:13 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-10 12:13 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-10 12:05 . 2009-06-10 12:05 -------- d-----w- c:\program files\ESET
2009-06-10 06:44 . 2009-06-10 06:44 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-06-10 06:09 . 2009-05-19 21:27 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090604.001\SymIDSI.dll
2009-06-10 06:02 . 2008-04-29 03:54 181760 ----a-w- c:\windows\system32\fsquirt.exe
2009-06-10 05:51 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-10 05:51 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-10 05:51 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-10 05:51 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-10 05:51 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-10 05:51 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-10 05:51 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-10 05:51 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-10 05:51 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\users\Jakub\AppData\Roaming\IObit
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\program files\IObit
2009-06-09 21:38 . 2009-06-09 21:38 44 ----a-w- c:\windows\system\hpsysdrv.dat
2009-06-09 21:30 . 2009-06-09 21:39 -------- d-----w- c:\users\Jakub\AppData\Local\MigWiz
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\users\Jakub\AppData\Roaming\Symantec
2009-06-09 21:29 . 2009-06-24 19:06 -------- d-----w- c:\users\Jakub\AppData\Local\QuickPlay
2009-06-09 21:29 . 2009-06-24 21:28 66688 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\users\Jakub\AppData\Roaming\DigitalPersona
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\users\Jakub\AppData\Local\DigitalPersona
2009-06-09 21:26 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2009-06-09 21:25 . 2009-06-09 21:25 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 21:23 . 2009-06-24 19:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-09 21:22 . 2009-06-09 21:22 -------- d-----w- c:\users\Jakub\AppData\Roaming\Macrovision
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Soubory cookie
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Okolní tiskárny
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Okolní síť
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Šablony
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Nabídka Start
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Dokumenty
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\users\Default\Data aplikací
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Plocha
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Šablony
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Dokumenty
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Data aplikací
2009-06-09 21:11 . 2009-06-09 21:11 -------- d-----w- c:\programdata\NVIDIA
2009-06-09 21:10 . 2009-06-17 12:44 -------- d-----w- c:\programdata\CyberLink
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\tr
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\ru
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\ko
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\ja
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\it
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\fr
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\es
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\system32\de
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\windows\DPDrv
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\program files\DigitalPersona
2009-06-09 21:09 . 2009-06-09 21:09 -------- d-----w- c:\programdata\Macrovision
2009-06-09 21:04 . 2009-06-09 21:04 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-09 21:00 . 2009-06-09 21:00 -------- d-----w- c:\windows\system32\HPMDP
2009-06-09 21:00 . 2008-03-06 03:39 252 ----a-w- c:\windows\system32\AP6RMJH.BIN
2009-06-09 20:58 . 2008-03-26 11:15 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-06-09 20:57 . 2009-06-09 20:57 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-06-09 20:57 . 2009-06-09 20:57 3141632 ----a-w- c:\windows\system32\bcmihvui.dll
2009-06-09 20:57 . 2009-06-09 20:57 -------- d-----w- c:\program files\Broadcom
2009-06-09 20:57 . 2009-06-09 20:57 3481600 ----a-w- c:\windows\system32\bcmihvsrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 17:14 . 2008-07-03 08:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-06-30 17:14 . 2008-07-03 08:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-06-24 19:06 . 2008-07-02 22:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-24 18:32 . 2009-06-24 18:32 -------- d-----w- c:\windows\Fonts\AdvUninstal
2009-06-22 17:15 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 17:08 . 2008-07-02 23:41 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-14 10:29 . 2008-07-02 23:47 -------- d-----w- c:\program files\Java
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-11 07:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-11 07:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-11 07:23 . 2008-07-02 22:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-10 18:22 . 2008-07-02 22:37 -------- d-----w- c:\programdata\Symantec
2009-06-10 13:21 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-09 21:53 . 2009-06-09 21:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-09 21:22 . 2009-06-09 21:22 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF8422NX9_E465478-224_4A_I3603_SQuanta_V02.20_F.0C_T080918_WV3-1_L405_M3069_J320_7Intel_86FD_92.00_#090609_N10EC8168;14E44315_(FV769EA#AKB)_XMOBILE_CN10_Z_2F.0C.MRK
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Oblíbené položky
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Nabídka Start
2009-06-09 21:18 . 2009-06-09 21:18 -------- d-sh--we c:\programdata\Data aplikací
2009-06-09 21:08 . 2008-07-02 23:32 -------- d-----w- c:\program files\CyberLink
2009-06-09 21:00 . 2009-06-09 21:00 -------- d-----w- c:\program files\AVerMedia
2009-06-09 21:00 . 2009-06-09 20:58 -------- d-----w- c:\program files\Intel
2009-06-09 20:56 . 2009-06-09 20:56 -------- d-----w- c:\program files\Realtek
2009-06-09 20:56 . 2009-06-09 20:55 -------- d-----w- c:\program files\IDT
2009-06-09 20:53 . 2009-06-09 20:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-23 12:43 . 2009-06-10 06:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 06:04 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 06:04 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CB9C536F-FF52-488B-B5B9-FC0434B0D0DD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{CDFE03D6-0EF7-4D92-8413-AC65DB8E7229}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A9F2AFE6-D790-4FC9-8B88-6DFDCD984C3C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{41598220-F6EE-4844-9A1B-FFE3ECB1FE2E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31.10.2008 7:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [9.6.2009 22:55 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6.2.2009 14:24 92800]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.3.2008 16:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [3.7.2008 1:42 341328]
R2 SbPF.Launcher;SbPF.Launcher;f:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;f:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [26.3.2008 18:27 595248]
R3 AVerAF15;HP DVB-T TV Tuner;c:\windows\System32\drivers\AVerAF15.sys [9.6.2009 23:00 280192]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24.1.2008 15:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1.4.2008 13:14 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23.5.2008 5:29 43552]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [24.6.2009 22:07 65576]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [26.3.2008 18:28 40752]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [3.7.2008 1:00 193840]
S3 DfSdkS;Defragmentation-Service;f:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [24.6.2009 23:01 410976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 19:31
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(3928)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
f:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Celkový čas: 2009-06-30 19:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-30 17:36
ComboFix2.txt 2009-06-29 19:42

Před spuštěním: Volných bajtů: 160 903 802 880
Po spuštění: Volných bajtů: 160 878 219 264

293 --- E O F --- 2009-06-29 18:16

a hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:36, on 30.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
F:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5357541428
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5357803219
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62CDC86-5A44-4B72-984C-157995497023}: NameServer = 213.155.229.197
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - F:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - F:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 5371 bytes

Příspěvekod **jaro3** » 30 čer 2009 20:08

Logy O.K.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Pokud nejsou problémy , je to vše.

John.Ross · Příspěvekod **John.Ross** » 30 čer 2009 20:21

Notas se zrychlil, jen takový dotázek přepínání mezi okny v internetu je zdlouhavé (není to třeba tím IE 8??, připadá mi IE7 lepší), a třeba okna průzkumníku se také dlouho načítají.
Mám nechat sunbelt personal firewall?? nebo odinstalovat??

Jinak jdu tedy do čištění a odinstalování.

Příspěvekod **jaro3** » 30 čer 2009 20:25

Sunbelt-Kerio bych si nechal.
S tím IE8 nemám zkušenosti , ne všem vyhovuje a dost velká část se vrací k IE7...
Já osobně jedu na Operu a zdá se mi nejrychlejší, mám i Mozzilu FF , oba prohlížeče jsou rychlejší než IE.
Pokud si dlouho nedefragmentoval , můžeš zkusit.
Dej vyřešeno , fajfku.

preventivní kontrolu prosím Vyřešeno

preventivní kontrolu prosím Vyřešeno

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Re: preventivní kontrolu prosím

Kdo je online