Please check - spontaneous shutdowns. Solved

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Brumteles68
Level 2.5
Posts: 385
Registered: Feb 08
Location: Vranov nad Topľou SR
Gender: Male
Status: Offline

Please check - spontaneous shutdowns.

Post by Brumteles68 » 02 Sep 2009 08:05

Hello, lately my notebook has been shutting down by itself, and it isn't even under any particularly heavy load. It did it even while I was browsing web pages, when I wasn't doing or downloading anything. This morning, right as I logged into my account, it shut down, and after I turned it on it offered me the choice of starting either in power-saving mode or with the last known good configuration. I'm attaching the log. Thanks for now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:49, on 2. 9. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5827 bytes


Could someone please move this to the correct section; in the rush I overlooked it :? .

//tytyty!

//mmm
K8N Neo4 Platinum, AMD Athlon64 3000+,RAM 2x256MB+2x1024MB, WDC WD1600JS 160GB, GeForce 6200 TurboCache, Tv WinFast PVR, WiFi Asus 802.11b/g+ruter WL-520GC,Win. XP pro. CZ

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: Jun 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check - spontaneous shutdowns.

Post by jaro3 » 02 Sep 2009 08:37

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message appears; click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

The problem may also be with hardware.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
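The reply above picks two lines out of the HijackThis log to fix: a hosts-file entry and a BHO whose file no longer exists. As an added example (not part of this thread and not HijackThis's own code), the Python script below parses lines in the HijackThis v2 log format and performs that first-pass triage automatically: it flags entries whose referenced file is gone ("(no file)" / "(file missing)"), hosts-file entries to verify, services with no vendor information, and entries in autostart sections such as O20 (Winlogon Notify / AppInit_DLLs) that deserve a look even when the file exists. The sample log is constructed from lines that appear in the log posted above; the table of "sensitive" sections is this example's own assumption, not a HijackThis rule.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines in HijackThis v2 log format,
# taken from the log posted in this thread.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O20 - Winlogon Notify: DeviceNP - C:\\Windows\\SYSTEM32\\DeviceNP.dll
O23 - Service: Steam Client Service - Unknown owner - C:\\Program Files\\Common Files\\Steam\\SteamService.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
"""

# Every HJT entry line starts with a section tag (R0, R1, F2, O1 ... O24)
# followed by " - " and the entry body.
HJT_LINE = re.compile(r"^([RFO]\d+)\s+-\s+(.*?)\s*$")

# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption of this example: autostart locations worth reviewing even when
# the file exists, because they load code into logon/shell processes.
SENSITIVE_SECTIONS = {
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}


@dataclass
class Entry:
    section: str  # e.g. "O2", "O23"
    body: str     # everything after the "O2 - " prefix

    def line(self) -> str:
        """Rebuild the entry in the form HijackThis shows it (for a fix list)."""
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list:
    """Return the entry lines of a HijackThis log; header/process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list) -> list:
    """Return (section, reason, body) tuples for entries a reviewer should look at."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if any(marker in low for marker in ORPHAN_MARKERS):
            findings.append((e.section, "orphaned entry, referenced file is missing", e.body))
        elif e.section == "O1":
            findings.append((e.section, "hosts file entry, verify it is expected", e.body))
        elif e.section == "O23" and "unknown owner" in low:
            findings.append((e.section, "service without vendor information", e.body))
        elif e.section in SENSITIVE_SECTIONS:
            findings.append((e.section, "autostart location: " + SENSITIVE_SECTIONS[e.section], e.body))
    return findings


def orphan_lines(entries: list) -> list:
    """The orphaned entries, reconstructed as the lines to tick in HijackThis."""
    return [e.line() for e in entries
            if any(marker in e.body.lower() for marker in ORPHAN_MARKERS)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for section, reason, body in triage(parsed):
        print(f"{section:4} {reason}: {body}")
    print("\nCandidate lines to fix:")
    for line in orphan_lines(parsed):
        print("  " + line)
```

Orphaned entries are safe to remove because there is no file left to run; every other finding is only a pointer for a human reviewer, since a Winlogon Notify DLL or an unsigned service may well be a legitimate vendor component, as the HP device-lock DLL in this log is.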

Brumteles68
Level 2.5
Posts: 385
Registered: Feb 08
Location: Vranov nad Topľou SR
Gender: Male
Status: Offline

Re: Please check - spontaneous shutdowns.

Post by Brumteles68 » 02 Sep 2009 09:05

Sending the log.

Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2729
Windows 6.0.6001 Service Pack 1

2. 9. 2009 9:00:38
mbam-log-2009-09-02 (09-00-38).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 100839
Uplynutý cas: 5 minute(s), 18 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: Jun 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check - spontaneous shutdowns.

Post by jaro3 » 02 Sep 2009 09:15

Turn off the resident protection in NOD and the shield in ST.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launching, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running do not click in the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please paste its entire contents here

Brumteles68
Level 2.5
Posts: 385
Registered: Feb 08
Location: Vranov nad Topľou SR
Gender: Male
Status: Offline

Re: Please check - spontaneous shutdowns.

Post by Brumteles68 » 02 Sep 2009 09:48

Sending the ComboFix log.

ComboFix 09-09-01.04 - Brumteles . 09. 2009 9:25.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.421.1051.18.2047.1252 [GMT 2:00]
Running from: c:\users\Brumteles\Downloads\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1683245060-1196235975-2706506550-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-3004094700-1292148700-1120296016-500

.
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-02 07:35 . 2009-09-02 07:36 -------- d-----w- c:\users\Brumteles\AppData\Local\temp
2009-09-02 07:35 . 2009-09-02 07:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-02 07:35 . 2009-09-02 07:35 -------- d-----w- c:\users\Jana\AppData\Local\temp
2009-09-02 07:35 . 2009-09-02 07:35 -------- d-----w- c:\users\Deti\AppData\Local\temp
2009-09-02 06:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 06:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 06:54 . 2009-09-02 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 12:17 . 2009-09-01 17:41 -------- d-----w- c:\users\Brumteles\AppData\Roaming\vlc
2009-08-26 08:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 07:57 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 07:57 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 10:59 . 2009-08-25 10:59 -------- d-----w- c:\users\Brumteles\{6493b478-1b81-4bc5-8a87-2a39a5fdbca2}
2009-08-25 10:54 . 2009-08-25 10:56 -------- d-----w- c:\users\Brumteles\AppData\Roaming\Hewlett Packard
2009-08-25 10:47 . 2009-08-25 10:47 -------- d-----w- C:\Intel
2009-08-25 10:46 . 2009-08-25 10:46 -------- d-----w- c:\users\Brumteles\AppData\Roaming\SampleView
2009-08-25 10:40 . 2009-08-25 10:40 3584 ----a-r- c:\users\Brumteles\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-08-25 10:40 . 2009-08-25 10:40 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-08-24 11:25 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 11:25 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 11:25 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 11:25 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 11:25 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 11:25 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 11:25 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 11:25 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-24 10:38 . 2009-08-24 11:07 -------- d-----w- c:\program files\HD Tune
2009-08-23 10:51 . 2009-08-23 16:04 -------- d-----w- c:\users\Deti\AppData\Roaming\DNA
2009-08-13 10:45 . 2009-08-13 10:45 -------- d-----w- c:\programdata\GARMIN
2009-08-13 10:11 . 2009-08-13 10:11 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-08-13 10:11 . 2009-08-13 10:11 -------- d-----w- c:\program files\DIFX
2009-08-13 10:11 . 2009-08-13 10:11 -------- d-----w- c:\program files\Garmin
2009-08-13 09:49 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 09:49 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 09:49 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 09:48 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 09:48 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 09:48 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 09:48 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 09:48 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 07:17 . 2006-11-09 21:16 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-01 14:52 . 2008-05-25 11:33 -------- d-----w- c:\users\Deti\AppData\Roaming\Skype
2009-09-01 14:02 . 2008-05-25 11:35 -------- d-----w- c:\users\Deti\AppData\Roaming\skypePM
2009-09-01 13:16 . 2007-09-03 11:57 -------- d-----w- c:\programdata\Roxio
2009-09-01 12:29 . 2008-05-23 20:28 -------- d-----w- c:\programdata\DVD Shrink
2009-09-01 12:06 . 2009-05-13 16:10 -------- d-----w- c:\users\Brumteles\AppData\Roaming\dvdcss
2009-08-25 11:25 . 2008-07-25 18:09 98422 ----a-w- c:\windows\system32\perfh01B.dat
2009-08-25 11:25 . 2008-07-25 18:09 32176 ----a-w- c:\windows\system32\perfc01B.dat
2009-08-25 10:53 . 2007-09-03 11:00 -------- d-----w- c:\program files\Analog Devices
2009-08-25 10:53 . 2009-05-02 18:48 -------- d-----w- c:\users\Brumteles\AppData\Roaming\InstallShield
2009-08-25 10:40 . 2009-01-13 20:20 -------- d-----w- c:\program files\MSECACHE
2009-08-14 09:24 . 2007-09-03 11:46 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 10:45 . 2009-06-23 17:12 -------- d-----w- c:\users\Brumteles\AppData\Roaming\GARMIN
2009-08-06 17:04 . 2008-05-26 09:12 -------- d-----w- c:\program files\ESET
2009-07-31 09:59 . 2008-08-18 11:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 08:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 18:11 . 2009-07-19 18:11 311428 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2009-07-19 18:11 . 2009-07-19 18:11 184452 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2009-07-19 18:11 . 2009-06-09 14:04 -------- d-----w- c:\users\Deti\AppData\Roaming\InstallShield
2009-07-17 16:03 . 2009-07-17 16:03 -------- d-----w- c:\users\Deti\AppData\Roaming\TeamViewer
2009-07-17 16:03 . 2009-07-17 16:03 -------- d-----w- c:\users\Brumteles\AppData\Roaming\TeamViewer
2009-07-17 16:03 . 2009-07-17 16:03 -------- d-----w- c:\program files\TeamViewer
2009-07-17 14:27 . 2009-07-17 14:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 18:37 . 2009-07-05 18:37 -------- d-----w- c:\programdata\WindowsSearch
2009-07-05 11:31 . 2008-05-25 17:40 -------- d-----w- c:\users\Deti\AppData\Roaming\ICQ
2009-06-15 15:24 . 2009-07-15 07:26 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-24 11:25 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:20 . 2009-07-15 07:26 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 07:26 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 07:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-09 14:04 . 2009-06-09 14:05 492164 ------w- c:\users\Deti\AppData\Roaming\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\ISSetup.dll
2009-06-09 14:04 . 2009-06-09 14:05 460248 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\setup.exe
2009-06-09 14:04 . 2009-06-09 14:05 164784 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\_Setup.dll
2008-05-22 16:42 . 2008-05-22 16:42 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA417191-CD31-472D-822A-32A3A505C111}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F2EA5B9B-76B5-42F0-91FE-9AC58FDFDF6B}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9D8762E-28AC-42A8-9B45-EA8B086081E7}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9ED79A84-2049-4848-8F1F-0E81124DB244}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{306BA4D5-1FAC-4AA3-BA40-45E4857E958B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{7F4F9C34-CFB4-422E-A37A-248A9DC485CF}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{401704EC-3803-4204-8152-7AB6EC49A848}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5B984C0B-C913-4B9A-8AEB-3198DD1CCDCD}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{266A2977-85D7-4AF7-9CEC-B0977A1B9409}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4ABE43F0-651F-467A-8C7C-1E3CCC33A46C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5AFFF8C1-2DA2-467B-8625-9D0014B4B5BA}c:\\program files\\valve\\hltv.exe"= UDP:c:\program files\valve\hltv.exe:HLTV Launcher
"UDP Query User{4820F6AC-BE89-49BF-9620-35A5373B5158}c:\\program files\\valve\\hltv.exe"= TCP:c:\program files\valve\hltv.exe:HLTV Launcher
"TCP Query User{E742A376-73C2-456D-88F1-8AB059908C5D}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{62E107F4-7B93-4BC3-8870-99530514066B}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{219497E7-76D2-4395-9839-6D61C0B0996C}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= UDP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"UDP Query User{1690DE48-D43D-4BB3-B3DA-0B9202FFFC8D}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= TCP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"{A271B0DD-EA42-4DE3-BD75-2258F0BFFA34}"= UDP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{6C8D0F44-0DDC-43BE-A4E0-45F122C09127}"= TCP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{E8444593-6245-4540-A1AB-D0187F3218A3}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"UDP Query User{CC2159BA-B261-45B8-BD41-8A517204A628}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"TCP Query User{DCB58BA5-5FD2-40DF-9D09-4219F725B38E}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= UDP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"UDP Query User{7E10DC12-8682-4EAB-A38E-05A13CA6BA09}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= TCP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B97C071E-0F6A-42D9-9783-F0241BA995D4}c:\\users\\deti\\desktop\\hry\\copy cs 1 6\\hl.exe"= UDP:c:\users\deti\desktop\hry\copy cs 1 6\hl.exe:hl.exe
"UDP Query User{A9B8F976-6580-48B0-91F6-53C9C0579C1F}c:\\users\\deti\\desktop\\hry\\copy cs 1 6\\hl.exe"= TCP:c:\users\deti\desktop\hry\copy cs 1 6\hl.exe:hl.exe
"TCP Query User{F3625B6A-0EDD-4CF1-80D0-698C941D314B}c:\\users\\deti\\desktop\\hry\\cs 1 6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1 6\hl.exe:hl.exe
"UDP Query User{6FE96B03-FB06-45B4-A186-47E7F39ACB51}c:\\users\\deti\\desktop\\hry\\cs 1 6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1 6\hl.exe:hl.exe
"TCP Query User{31E52B8E-EF87-4D6A-88D6-FDA899621ABA}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{EBD5E89C-9676-4027-B1F1-CCD6A0DA6D6D}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{9D73FFB6-7958-4B4E-BC29-A99E92D015B6}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{E1C09AB3-4876-47EC-A67B-B35D6079E424}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{13D78C51-671C-485E-A325-0B883E363D41}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{0285CC92-775B-4471-8A0A-C9855250DD7A}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{46F4E658-6C09-470C-AAFC-50268AAF95A6}c:\\program files\\winpcap\\rpcapd.exe"= UDP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"UDP Query User{88A1C628-C82F-4866-8AB9-2139D5AAD587}c:\\program files\\winpcap\\rpcapd.exe"= TCP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"TCP Query User{8B78F180-EA78-4B1D-81C3-E064842C8DED}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= UDP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"UDP Query User{A0E23E22-F939-4A2A-9F94-35C354462D9F}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= TCP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"TCP Query User{D424EFCF-2531-45E5-857D-C7FA25A6BD4B}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{60E1A315-8EDF-450C-85BD-BFB481E91B67}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{33841017-403D-4586-8B1D-F5C83AFE969A}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= UDP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"UDP Query User{D18A8462-A7B4-4D84-B41D-4ACA2BDC7AE9}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= TCP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"TCP Query User{BC9E31F6-986B-47CA-A226-BD5886897F98}c:\\users\\deti\\desktop\\peto\\need for speed most wanted\\speed.exe"= UDP:c:\users\deti\desktop\peto\need for speed most wanted\speed.exe:speed.exe
"UDP Query User{5599FAE5-8FBF-4D7B-B9C8-6C15A1B9DFE0}c:\\users\\deti\\desktop\\peto\\need for speed most wanted\\speed.exe"= TCP:c:\users\deti\desktop\peto\need for speed most wanted\speed.exe:speed.exe
"TCP Query User{6F2A5D5D-62D5-4883-AEC9-3C110F8B1CC1}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{9C1696AD-2B34-4873-B5ED-1CEA757E8882}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"TCP Query User{474E5D35-EBE4-4A4D-8DB0-72526C726536}c:\\users\\deti\\program files\\dna\\btdna.exe"= UDP:c:\users\deti\program files\dna\btdna.exe:btdna.exe
"UDP Query User{0595D9FF-FFCB-4AC6-AD80-CBA4E8783732}c:\\users\\deti\\program files\\dna\\btdna.exe"= TCP:c:\users\deti\program files\dna\btdna.exe:btdna.exe
"TCP Query User{8393A961-6475-4D0D-9F3B-AEF98C149348}c:\\users\\deti\\program files\\dna\\btdna.exe"= UDP:c:\users\deti\program files\dna\btdna.exe:btdna.exe
"UDP Query User{93654E98-9D25-453D-87B7-4AA2219DFFA1}c:\\users\\deti\\program files\\dna\\btdna.exe"= TCP:c:\users\deti\program files\dna\btdna.exe:btdna.exe

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24 92800]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2. 11. 2006 12:25 167936]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [3. 9. 2007 14:03 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [8. 6. 2007 18:06 172131]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17. 11. 2008 16:40 3668480]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\System32\drivers\PA707UCM.SYS [8. 11. 2006 9:59 530304]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [3. 9. 2007 13:51 540448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\HPCeeScheduleForJana.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-03 21:46]

2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{5B620C07-2FC2-47F8-BBEC-6BCB70A43ADC}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Brumteles\AppData\Roaming\Mozilla\Firefox\Profiles\9dwk101x.default\
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 09:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2472)
c:\program files\Aberger\HfAsistentSlk\FotoSync.dll
c:\program files\Aberger\HfAsistentSlk\xerc2701.dll
c:\program files\Aberger\HfAsistentSlk\fotosynr.dll
.
Completion time: 2009-09-02 9:40
ComboFix-quarantined-files.txt 2009-09-02 07:40
ComboFix2.txt 2009-03-31 15:16

Pre-Run: 30 565 289 984 bytes free
Post-Run: 33 639 190 528 bytes free

249 --- E O F --- 2009-08-28 14:41
K8N Neo4 Platinum, AMD Athlon64 3000+,RAM 2x256MB+2x1024MB, WDC WD1600JS 160GB, GeForce 6200 TurboCache, Tv WinFast PVR, WiFi Asus 802.11b/g+ruter WL-520GC,Win. XP pro. CZ

jaro3 (Security team member)

Re: Please check - spontaneous shutdown.

Post by jaro3 » 02 Sep 2009 11:08

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

File::
c:\windows\bthservsdp.dat

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.

Download SuperAntiSpyware
update the database, run a scan and then delete the infections

Then a new log from HJT.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Brumteles68

Re: Please check - spontaneous shutdown.

Post by Brumteles68 » 02 Sep 2009 12:36

Sending the logs.

ComboFix 09-09-01.04 - Brumteles . 09. 2009 11:18.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.421.1051.18.2047.1162 [GMT 2:00]
Running from: c:\users\Brumteles\Downloads\ComboFix.exe
Command switches used :: c:\users\Brumteles\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active


FILE ::
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bthservsdp.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-02 09:26 . 2009-09-02 09:26 -------- d-----w- c:\users\Brumteles\AppData\Local\temp
2009-09-02 09:26 . 2009-09-02 09:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-02 09:26 . 2009-09-02 09:26 -------- d-----w- c:\users\Jana\AppData\Local\temp
2009-09-02 09:26 . 2009-09-02 09:26 -------- d-----w- c:\users\Deti\AppData\Local\temp
2009-09-02 09:26 . 2009-09-02 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-02 09:18 . 2009-09-02 09:18 -------- d-----w- c:\users\Brumteles\AppData\Local\ESET
2009-09-02 08:36 . 2009-09-02 08:36 -------- d-----w- c:\users\Brumteles\AppData\Local\Adobe
2009-09-02 06:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 06:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 06:54 . 2009-09-02 06:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 12:17 . 2009-09-01 17:41 -------- d-----w- c:\users\Brumteles\AppData\Roaming\vlc
2009-08-26 08:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 07:57 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 07:57 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 10:59 . 2009-08-25 10:59 -------- d-----w- c:\users\Brumteles\{6493b478-1b81-4bc5-8a87-2a39a5fdbca2}
2009-08-25 10:54 . 2009-08-25 10:56 -------- d-----w- c:\users\Brumteles\AppData\Roaming\Hewlett Packard
2009-08-25 10:47 . 2009-08-25 10:47 -------- d-----w- C:\Intel
2009-08-25 10:46 . 2009-08-25 10:46 -------- d-----w- c:\users\Brumteles\AppData\Roaming\SampleView
2009-08-25 10:40 . 2009-08-25 10:40 3584 ----a-r- c:\users\Brumteles\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-08-25 10:40 . 2009-08-25 10:40 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-08-24 11:25 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 11:25 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 11:25 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 11:25 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 11:25 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 11:25 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 11:25 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 11:25 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-24 10:38 . 2009-08-24 11:07 -------- d-----w- c:\program files\HD Tune
2009-08-23 10:51 . 2009-08-23 16:04 -------- d-----w- c:\users\Deti\AppData\Roaming\DNA
2009-08-13 10:45 . 2009-08-13 10:45 -------- d-----w- c:\programdata\GARMIN
2009-08-13 10:11 . 2009-08-13 10:11 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-08-13 10:11 . 2009-08-13 10:11 -------- d-----w- c:\program files\DIFX
2009-08-13 10:11 . 2009-08-13 10:11 -------- d-----w- c:\program files\Garmin
2009-08-13 09:49 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 09:49 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 09:49 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 09:48 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 09:48 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 09:48 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 09:48 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 09:48 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 14:52 . 2008-05-25 11:33 -------- d-----w- c:\users\Deti\AppData\Roaming\Skype
2009-09-01 14:02 . 2008-05-25 11:35 -------- d-----w- c:\users\Deti\AppData\Roaming\skypePM
2009-09-01 13:16 . 2007-09-03 11:57 -------- d-----w- c:\programdata\Roxio
2009-09-01 12:29 . 2008-05-23 20:28 -------- d-----w- c:\programdata\DVD Shrink
2009-09-01 12:06 . 2009-05-13 16:10 -------- d-----w- c:\users\Brumteles\AppData\Roaming\dvdcss
2009-08-25 11:25 . 2008-07-25 18:09 98422 ----a-w- c:\windows\system32\perfh01B.dat
2009-08-25 11:25 . 2008-07-25 18:09 32176 ----a-w- c:\windows\system32\perfc01B.dat
2009-08-25 10:53 . 2007-09-03 11:00 -------- d-----w- c:\program files\Analog Devices
2009-08-25 10:53 . 2009-05-02 18:48 -------- d-----w- c:\users\Brumteles\AppData\Roaming\InstallShield
2009-08-25 10:40 . 2009-01-13 20:20 -------- d-----w- c:\program files\MSECACHE
2009-08-14 09:24 . 2007-09-03 11:46 -------- d-----w- c:\programdata\Microsoft Help
2009-08-14 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 10:45 . 2009-06-23 17:12 -------- d-----w- c:\users\Brumteles\AppData\Roaming\GARMIN
2009-08-06 17:04 . 2008-05-26 09:12 -------- d-----w- c:\program files\ESET
2009-07-31 09:59 . 2008-08-18 11:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 08:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 18:11 . 2009-07-19 18:11 311428 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2009-07-19 18:11 . 2009-07-19 18:11 184452 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2009-07-19 18:11 . 2009-06-09 14:04 -------- d-----w- c:\users\Deti\AppData\Roaming\InstallShield
2009-07-17 16:03 . 2009-07-17 16:03 -------- d-----w- c:\users\Deti\AppData\Roaming\TeamViewer
2009-07-17 16:03 . 2009-07-17 16:03 -------- d-----w- c:\users\Brumteles\AppData\Roaming\TeamViewer
2009-07-17 16:03 . 2009-07-17 16:03 -------- d-----w- c:\program files\TeamViewer
2009-07-17 14:27 . 2009-07-17 14:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 18:37 . 2009-07-05 18:37 -------- d-----w- c:\programdata\WindowsSearch
2009-07-05 11:31 . 2008-05-25 17:40 -------- d-----w- c:\users\Deti\AppData\Roaming\ICQ
2009-06-15 15:24 . 2009-07-15 07:26 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-24 11:25 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:20 . 2009-07-15 07:26 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 07:26 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 07:26 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-09 14:04 . 2009-06-09 14:05 492164 ------w- c:\users\Deti\AppData\Roaming\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\ISSetup.dll
2009-06-09 14:04 . 2009-06-09 14:05 460248 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\setup.exe
2009-06-09 14:04 . 2009-06-09 14:05 164784 ----a-w- c:\users\Deti\AppData\Roaming\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\_Setup.dll
2008-05-22 16:42 . 2008-05-22 16:42 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA417191-CD31-472D-822A-32A3A505C111}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F2EA5B9B-76B5-42F0-91FE-9AC58FDFDF6B}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9D8762E-28AC-42A8-9B45-EA8B086081E7}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9ED79A84-2049-4848-8F1F-0E81124DB244}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{306BA4D5-1FAC-4AA3-BA40-45E4857E958B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{7F4F9C34-CFB4-422E-A37A-248A9DC485CF}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{401704EC-3803-4204-8152-7AB6EC49A848}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5B984C0B-C913-4B9A-8AEB-3198DD1CCDCD}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{266A2977-85D7-4AF7-9CEC-B0977A1B9409}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4ABE43F0-651F-467A-8C7C-1E3CCC33A46C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5AFFF8C1-2DA2-467B-8625-9D0014B4B5BA}c:\\program files\\valve\\hltv.exe"= UDP:c:\program files\valve\hltv.exe:HLTV Launcher
"UDP Query User{4820F6AC-BE89-49BF-9620-35A5373B5158}c:\\program files\\valve\\hltv.exe"= TCP:c:\program files\valve\hltv.exe:HLTV Launcher
"TCP Query User{E742A376-73C2-456D-88F1-8AB059908C5D}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{62E107F4-7B93-4BC3-8870-99530514066B}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{219497E7-76D2-4395-9839-6D61C0B0996C}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= UDP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"UDP Query User{1690DE48-D43D-4BB3-B3DA-0B9202FFFC8D}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= TCP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"{A271B0DD-EA42-4DE3-BD75-2258F0BFFA34}"= UDP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{6C8D0F44-0DDC-43BE-A4E0-45F122C09127}"= TCP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{E8444593-6245-4540-A1AB-D0187F3218A3}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"UDP Query User{CC2159BA-B261-45B8-BD41-8A517204A628}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"TCP Query User{DCB58BA5-5FD2-40DF-9D09-4219F725B38E}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= UDP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"UDP Query User{7E10DC12-8682-4EAB-A38E-05A13CA6BA09}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= TCP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"TCP Query User{B97C071E-0F6A-42D9-9783-F0241BA995D4}c:\\users\\deti\\desktop\\hry\\copy cs 1 6\\hl.exe"= UDP:c:\users\deti\desktop\hry\copy cs 1 6\hl.exe:hl.exe
"UDP Query User{A9B8F976-6580-48B0-91F6-53C9C0579C1F}c:\\users\\deti\\desktop\\hry\\copy cs 1 6\\hl.exe"= TCP:c:\users\deti\desktop\hry\copy cs 1 6\hl.exe:hl.exe
"TCP Query User{F3625B6A-0EDD-4CF1-80D0-698C941D314B}c:\\users\\deti\\desktop\\hry\\cs 1 6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1 6\hl.exe:hl.exe
"UDP Query User{6FE96B03-FB06-45B4-A186-47E7F39ACB51}c:\\users\\deti\\desktop\\hry\\cs 1 6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1 6\hl.exe:hl.exe
"TCP Query User{31E52B8E-EF87-4D6A-88D6-FDA899621ABA}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{EBD5E89C-9676-4027-B1F1-CCD6A0DA6D6D}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{9D73FFB6-7958-4B4E-BC29-A99E92D015B6}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{E1C09AB3-4876-47EC-A67B-B35D6079E424}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{13D78C51-671C-485E-A325-0B883E363D41}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{0285CC92-775B-4471-8A0A-C9855250DD7A}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{46F4E658-6C09-470C-AAFC-50268AAF95A6}c:\\program files\\winpcap\\rpcapd.exe"= UDP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"UDP Query User{88A1C628-C82F-4866-8AB9-2139D5AAD587}c:\\program files\\winpcap\\rpcapd.exe"= TCP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"TCP Query User{8B78F180-EA78-4B1D-81C3-E064842C8DED}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= UDP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"UDP Query User{A0E23E22-F939-4A2A-9F94-35C354462D9F}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= TCP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"TCP Query User{D424EFCF-2531-45E5-857D-C7FA25A6BD4B}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{60E1A315-8EDF-450C-85BD-BFB481E91B67}c:\\program files\\cain\\cain.exe"= TCP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{33841017-403D-4586-8B1D-F5C83AFE969A}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= UDP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"UDP Query User{D18A8462-A7B4-4D84-B41D-4ACA2BDC7AE9}c:\\users\\deti\\desktop\\hry\\metin2\\metin2.bin"= TCP:c:\users\deti\desktop\hry\metin2\metin2.bin:metin2.bin
"TCP Query User{BC9E31F6-986B-47CA-A226-BD5886897F98}c:\\users\\deti\\desktop\\peto\\need for speed most wanted\\speed.exe"= UDP:c:\users\deti\desktop\peto\need for speed most wanted\speed.exe:speed.exe
"UDP Query User{5599FAE5-8FBF-4D7B-B9C8-6C15A1B9DFE0}c:\\users\\deti\\desktop\\peto\\need for speed most wanted\\speed.exe"= TCP:c:\users\deti\desktop\peto\need for speed most wanted\speed.exe:speed.exe
"TCP Query User{6F2A5D5D-62D5-4883-AEC9-3C110F8B1CC1}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{9C1696AD-2B34-4873-B5ED-1CEA757E8882}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"TCP Query User{474E5D35-EBE4-4A4D-8DB0-72526C726536}c:\\users\\deti\\program files\\dna\\btdna.exe"= UDP:c:\users\deti\program files\dna\btdna.exe:btdna.exe
"UDP Query User{0595D9FF-FFCB-4AC6-AD80-CBA4E8783732}c:\\users\\deti\\program files\\dna\\btdna.exe"= TCP:c:\users\deti\program files\dna\btdna.exe:btdna.exe
"TCP Query User{8393A961-6475-4D0D-9F3B-AEF98C149348}c:\\users\\deti\\program files\\dna\\btdna.exe"= UDP:c:\users\deti\program files\dna\btdna.exe:btdna.exe
"UDP Query User{93654E98-9D25-453D-87B7-4AA2219DFFA1}c:\\users\\deti\\program files\\dna\\btdna.exe"= TCP:c:\users\deti\program files\dna\btdna.exe:btdna.exe

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24 92800]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2. 11. 2006 12:25 167936]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [3. 9. 2007 14:03 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [8. 6. 2007 18:06 172131]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17. 11. 2008 16:40 3668480]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\System32\drivers\PA707UCM.SYS [8. 11. 2006 9:59 530304]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [3. 9. 2007 13:51 540448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\HPCeeScheduleForJana.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-09-03 21:46]

2009-05-14 c:\windows\Tasks\User_Feed_Synchronization-{5B620C07-2FC2-47F8-BBEC-6BCB70A43ADC}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Brumteles\AppData\Roaming\Mozilla\Firefox\Profiles\9dwk101x.default\
FF - prefs.js: browser.startup.homepage - www.zoznam.sk
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 11:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\BRUMTE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
Completion time: 2009-09-02 11:30
ComboFix-quarantined-files.txt 2009-09-02 09:30
ComboFix2.txt 2009-09-02 07:40
ComboFix3.txt 2009-03-31 15:16

Pre-Run: 33 624 420 352 bytes free
Post-Run: 33 580 683 264 bytes free

244 --- E O F --- 2009-08-28 14:41


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:53, on 2. 9. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 5651 bytes
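As an added example (not part of this thread, and not code from ComboFix or HijackThis), the following Python script does the kind of triage a reviewer performs by eye on the logs posted above: it parses the ComboFix FirewallRules lines and flags enabled exceptions for executables on an assumed watch-list of dual-use tools (that watch-list is my assumption, not anything the thread states) or for binaries living in a Temp directory; it lists HijackThis O23 services reported with "Unknown owner" or "(file missing)"; and it collects every O20 Winlogon Notify DLL for review. The sample input is constructed from lines copied out of the logs in this thread.

```python
import re

# Constructed sample input: a handful of lines copied from the ComboFix
# "FirewallRules" section and the HijackThis O20/O23 sections posted above.
SAMPLE_LOG = r'''
"{BA417191-CD31-472D-822A-32A3A505C111}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F2EA5B9B-76B5-42F0-91FE-9AC58FDFDF6B}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"{4ABE43F0-651F-467A-8C7C-1E3CCC33A46C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A271B0DD-EA42-4DE3-BD75-2258F0BFFA34}"= UDP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{9D73FFB6-7958-4B4E-BC29-A99E92D015B6}c:\\program files\\cain\\cain.exe"= UDP:c:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{46F4E658-6C09-470C-AAFC-50268AAF95A6}c:\\program files\\winpcap\\rpcapd.exe"= UDP:c:\program files\winpcap\rpcapd.exe:Remote Packet Capture Daemon
"TCP Query User{6F2A5D5D-62D5-4883-AEC9-3C110F8B1CC1}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
'''

# One ComboFix firewall rule: "name"= [Disabled:][TCP|UDP:][port|]path:description
FW_RULE = re.compile(
    r'^"(?P<rule>[^"]*)"=\s*'
    r'(?:(?P<state>Disabled):)?'
    r'(?:(?P<proto>TCP|UDP):)?'
    r'(?:(?P<port>\d+)\|)?'
    r'(?P<path>[A-Za-z]:[^:]+):(?P<desc>.*)$'
)
# HijackThis service (O23) and Winlogon Notify (O20) entries
HJT_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
HJT_O20 = re.compile(r'^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$')

# Assumed watch-list for this example (not from the thread): dual-use tools
# such as sniffers, remote packet-capture daemons and remote-control software.
WATCHLIST = {'cain.exe', 'rpcapd.exe', 'teamviewer.exe'}


def parse_firewall_rule(line):
    """Parse one FirewallRules line into a dict, or return None if it is not one."""
    m = FW_RULE.match(line.strip())
    if not m:
        return None
    rule = m.groupdict()
    rule['exe'] = rule['path'].rsplit('\\', 1)[-1].lower()
    rule['enabled'] = rule['state'] != 'Disabled'
    return rule


def triage(log_text):
    """Walk the pasted log once and collect the items worth a second look."""
    findings = {'firewall_watchlist': [], 'firewall_temp_path': [],
                'services': [], 'winlogon_notify': []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rule = parse_firewall_rule(line)
        if rule:
            # Enabled exception for a dual-use tool
            if rule['enabled'] and rule['exe'] in WATCHLIST:
                findings['firewall_watchlist'].append(rule['exe'])
            # Exception pointing into a Temp directory: the original binary is
            # probably gone, and a later file of the same name inherits the hole
            if '\\temp\\' in rule['path'].lower():
                findings['firewall_temp_path'].append(rule['exe'])
            continue
        m = HJT_O23.match(line)
        if m:
            reasons = []
            if m['owner'] == 'Unknown owner':
                reasons.append('unknown owner')
            if m['path'].endswith('(file missing)'):
                reasons.append('file missing')
            if reasons:
                findings['services'].append((m['name'], reasons))
            continue
        m = HJT_O20.match(line)
        if m:
            # Winlogon Notify DLLs load into winlogon.exe at logon; every one
            # should be accounted for, so list them all rather than filtering.
            findings['winlogon_notify'].append((m['name'], m['path']))
    return findings


if __name__ == '__main__':
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```

Paste the whole ComboFix and HijackThis output into `triage()`; lines the two patterns do not recognise are ignored, so the full log can be fed in unchanged. A hit on the watch-list or the Temp-path check is a prompt to ask the owner what the program is, not proof of infection.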

jaro3 (Security team member)

Re: Please check - spontaneous shutdown.

Post by jaro3 » 02 Sep 2009 13:00

ComboFix is uninstalled like this:
Start-Run and enter ComboFix[space]/u

clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

Download the OTM program (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
and save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: Do not use the SELECT ALL function for selecting

Code: Select all

:Processes
explorer.exe

:Services

:Reg

:Files
c:\users\BRUMTE~1\AppData\Local\Temp\catchme.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After copying, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which will report the results
- If some files cannot be removed you may be asked to restart the computer; in that case confirm the restart.

Describe the state of the notebook.

Brumteles68

Re: Please check - spontaneous shutdown.

Post by Brumteles68 » 02 Sep 2009 13:46

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\users\BRUMTE~1\AppData\Local\Temp\catchme.dll not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Brumteles\AppData\Local\Mozilla\Firefox\Profiles\9dwk101x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Brumteles\AppData\Local\Mozilla\Firefox\Profiles\9dwk101x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Brumteles\AppData\Local\Mozilla\Firefox\Profiles\9dwk101x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Brumteles\AppData\Local\Mozilla\Firefox\Profiles\9dwk101x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Brumteles\AppData\Local\Mozilla\Firefox\Profiles\9dwk101x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Brumteles\AppData\Local\Mozilla\Firefox\Profiles\9dwk101x.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 09022009_132102


So, the PC restarted and after the restart the graphical interface on pc-help did not work for me. After cleaning with CCleaner it came up fine. The notebook has been on since the morning, I'm only browsing and so far no restart, only in the morning, as I already described, it did not come up after logging in.
K8N Neo4 Platinum, AMD Athlon64 3000+, RAM 2x256MB+2x1024MB, WDC WD1600JS 160GB, GeForce 6200 TurboCache, WinFast PVR TV, Asus 802.11b/g WiFi + WL-520GC router, Win. XP Pro CZ
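Added example, not from the forum or from OTM's author: a small Python parser for the OTMoveIt result log format shown in the post above, so a helper can see at a glance which targets were already gone and which deletions were deferred to reboot (and therefore need a fresh log after the restart). The sample log is constructed and modelled on the output above, with profile paths shortened.

```python
import re

# Constructed sample, modelled on the OTMoveIt output posted above (not the real log)
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\users\BRUMTE~1\AppData\Local\Temp\catchme.dll not found.
========== COMMANDS ==========
User's Temp folder emptied.
File delete failed. C:\Users\u\AppData\Local\Mozilla\Firefox\Profiles\x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\u\AppData\Local\Mozilla\Firefox\Profiles\x.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Explorer started successfully
"""

# Line shapes taken from the log above; any other line is kept but not classified
SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z/]+) =+$")
KILLED_RE = re.compile(r"^Process (?P<proc>\S+) killed successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
REBOOT_RE = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")

def parse_otm_log(text):
    """Split an OTM log into its sections and collect the outcomes a helper checks."""
    report = {"sections": {}, "killed": [], "not_found": [], "pending_reboot": []}
    section = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            report["sections"].setdefault(section, [])  # empty sections still appear
            continue
        report["sections"].setdefault(section, []).append(line)
        if m := KILLED_RE.match(line):
            report["killed"].append(m.group("proc"))
        elif m := NOT_FOUND_RE.match(line):
            report["not_found"].append(m.group("path"))
        elif m := REBOOT_RE.match(line):
            report["pending_reboot"].append(m.group("path"))
    return report

def needs_followup(report):
    """True when work was deferred to reboot or a target was missing: ask for a new log."""
    return bool(report["pending_reboot"] or report["not_found"])
```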

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: Jun 07
Location: South Bohemia
Sex: Male
Status: Offline

Re: Please check - spontaneous shutdown.

Post by jaro3 » 02 Sep 2009 15:13

So keep trying that; otherwise I would try defragmenting the HDD, checking it, and checking the RAM. The power source (accumulator, battery) can also be the cause.

Brumteles68
Level 2.5
Posts: 385
Registered: Feb 08
Location: Vranov nad Topľou SR
Sex: Male
Status: Offline

Re: Please check - spontaneous shutdown.

Post by Brumteles68 » 02 Sep 2009 15:34

I had already tried defragmenting before and it keeps telling me that defragmentation is not needed. A moment ago I installed Service Pack 2, so I will keep an eye on it for now; if it happens again, I will report back. Thanks for now :bigups: .

Brumteles68
Level 2.5
Posts: 385
Registered: Feb 08
Location: Vranov nad Topľou SR
Sex: Male
Status: Offline

Re: Please check - spontaneous shutdown.  Solved

Post by Brumteles68 » 05 Sep 2009 12:13

It looks OK so far, apart from that Vista :? Thaaanks :D

