Hi,
I have this problem:
Lately it often happens, at random, that Windows 7 won't start. After powering on, the Microsoft logo appears, then the Welcome screen, the cursor disappears, it loads for a while, and then only a black screen appears with a cursor that can be moved, but that is where it ends. I have to turn the computer off and try turning it on again. What surprises me most is that it is completely random. Sometimes it boots without a problem, other times it happens once, other times twice, etc. Once it froze already at the Welcome screen. A few times it booted and showed the taskbar, but without icons on the desktop, and the computer did not respond.
On the net I googled something about the black screen of death, which describes my problem quite accurately. At first it was said to be caused by a Microsoft update, but that was denied, and supposedly a virus named Daonol is to blame; however, I don't think I have it in my system (it does not leave its usual trace in my registry). Someone said Windows Defender can cause it; I tried turning that off too, just to be sure, but without success.
I have an HP 6730s, Intel DC, ATI Radeon, Win 7 (legal).
Does anyone have experience with this, please? I'm at my wits' end. Thank you
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:33, on 23.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Martin\Software\VIRY\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA92DD9A-0D33-48AD-969D-0270EAC5D2CD}: NameServer = 213.192.40.6,213.192.40.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 8381 bytes
HJT log - Win 7 sometimes won't boot (Solved)
Damned
Re: HJT log - Win 7 sometimes won't boot
Uninstall DAEMON Tools Toolbar.
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O13 - Gopher Prefix:
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech Wise Registry Cleaner
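A triage sketch for the kind of HijackThis log reviewed above, added here as an example; it is not part of the original thread and not HijackThis's own logic. The flagging rules (orphaned entries, IE page hosts outside an analyst-supplied allowlist, browser modules loaded from a user profile) and the names `triage` and `TRUSTED_HOSTS` are assumptions, and flagged lines are candidates for review, not verdicts.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Assumption: hosts the analyst accepts for IE start/search pages.
TRUSTED_HOSTS = {"go.microsoft.com"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # 'R1 - ...', 'O23 - ...'
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")        # dotted host name only
USER_PATH_RE = re.compile(r"[a-z]:\\users\\", re.IGNORECASE)


def parse_line(line):
    """Split 'R1 - body' into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def ie_page_host(body):
    """Host of an R0/R1 'key = value' setting, or None if empty or not a host."""
    _key, _sep, value = body.partition(" =")
    value = value.strip()
    if not value:
        return None
    if "://" not in value:      # e.g. 'start.qip.ru' is stored without a scheme
        value = "http://" + value
    try:
        host = (urlsplit(value).hostname or "").lower()
    except ValueError:          # value is not URL-shaped at all
        return None
    return host if HOST_RE.fullmatch(host) else None


def triage(log_text, trusted_hosts=TRUSTED_HOSTS):
    """Return (reason, section code, detail) tuples for lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        # Registry entry whose target file no longer exists.
        if "(no file)" in body:
            findings.append(("orphaned-entry", code, body))
        # IE start/search page pointing at a host outside the allowlist.
        if code in ("R0", "R1"):
            host = ie_page_host(body)
            if host and host not in trusted_hosts:
                findings.append(("ie-page-host", code, host))
        # Search hook, BHO or toolbar DLL loaded from a user-writable profile path.
        if code in ("R3", "O2", "O3") and USER_PATH_RE.search(body):
            findings.append(("module-in-user-profile", code, body))
    return findings


if __name__ == "__main__":
    for reason, code, detail in triage(SAMPLE_LOG):
        print(f"{reason:24} {code:3} {detail}")
```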
Re: HJT log - Win 7 sometimes won't boot
Thanks a lot, everything in HJT is fixed as you said; here is the log from Malwarebytes (that NetCat is mine, I know about it):
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3624
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24.1.2010 11:45:18
mbam-log-2010-01-24 (11-45-12).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 100974
Uplynulý čas: 2 minute(s), 56 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Windows\System32\nc.exe (Backdoor.NetCat) -> No action taken.
C:\Users\DRS\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> No action taken.
Damned
Re: HJT log - Win 7 sometimes won't boot
You mean it's your own product? Actually written and compiled by you?
Doesn't it belong to NetCat?
What's the good of keeping a backdoor there? Anyone who pings you, or tries your IP at random, will pull even the solder off the circuit board out of your PC.
Re: HJT log - Win 7 sometimes won't boot
It's not my backdoor; I simply downloaded netcat and put it there.. I only tried it as a telnet; if it does some other functions there too, I don't know about them...
Damned
Re: HJT log - Win 7 sometimes won't boot
So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit
Turn off your antivirus's resident shield (and antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that is displayed
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: HJT log - Win 7 sometimes won't boot
I removed the malware.. It wanted a restart, so I restarted; it booted on the third try, that black screen again... then I ran ComboFix, it restarted, the black screen appeared again and the ComboFix window started on it... it went through all those stages, still just a black screen all around, then it displayed the log as a text file normally in a Windows window, and then Windows came up too, the desktop, the Start panel and so on.
Here is the log:
ComboFix 10-01-23.05 - DRS 24.01.2010 12:52:24.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.2115 [GMT 1:00]
Spuštěný z: c:\users\DRS\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\recycler\S-1-5-21-1757981266-1275210071-725345543-1003
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\wdsdtdsini.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 09:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 10:56 . 2010-01-19 10:56 -------- d-----w- c:\program files\Synaptics
2010-01-19 10:51 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 10:51 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 01:30 . 2010-01-19 10:46 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:42 . 2010-01-17 14:20 -------- d-----w- c:\users\DRS\AppData\Roaming\Wireshark
2010-01-11 22:42 . 2010-01-19 10:46 -------- d-----w- c:\program files\WinPcap
2010-01-11 22:40 . 2010-01-19 10:47 -------- d-----w- c:\program files\Wireshark
2010-01-11 22:24 . 2010-01-11 22:24 -------- d-----w- c:\users\DRS\AppData\Roaming\Ethereal
2010-01-11 22:14 . 2010-01-19 10:46 -------- d-----w- c:\program files\Ethereal
2010-01-10 14:38 . 2010-01-10 14:38 0 ----a-w- c:\windows\nsreg.dat
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Local\Thunderbird
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Roaming\Thunderbird
2010-01-10 14:36 . 2010-01-10 14:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-08 21:44 . 2010-01-24 11:51 -------- d-----w- c:\windows\system32\wbem\repository
2010-01-07 14:39 . 2010-01-07 14:38 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 14:38 . 2010-01-07 14:38 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 14:38 . 2010-01-07 14:38 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 14:38 . 2010-01-07 14:38 -------- d-----w- c:\users\DRS\AppData\Local\PunkBuster
2010-01-07 14:35 . 2010-01-07 14:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Leadertech
2010-01-07 14:30 . 2010-01-07 14:30 -------- d-----w- c:\program files\EA Games
2010-01-06 16:44 . 2010-01-06 16:44 -------- d-----w- c:\program files\THQ
2010-01-02 13:03 . 2010-01-02 13:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-02 13:02 . 2010-01-02 13:02 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-27 15:39 . 2009-12-27 15:39 -------- d-----w- c:\program files\NetSetMan
2009-12-27 12:09 . 2009-12-27 12:09 2174976 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{79B79713-6AF8-4062-B396-6DE1E50ED6D7}-WDDriveInfo.exe
2009-12-27 11:59 . 2009-12-27 11:59 15360 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{105F72A1-39E1-B1A8-59C1-DDFF229C7319}-XMLSettings.dll
2009-12-26 23:33 . 2010-01-08 21:38 -------- d-----w- c:\users\DRS\AppData\Local\RapidSharing.eu
2009-12-25 13:00 . 2009-12-25 13:01 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:55 . 2009-07-14 08:44 687972 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 11:55 . 2009-07-14 08:44 143212 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 10:32 . 2009-12-06 21:35 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-19 10:56 . 2010-01-19 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-19 10:46 . 2009-11-13 11:18 -------- d-----w- c:\users\DRS\AppData\Roaming\GHISLER
2010-01-19 10:46 . 2009-11-13 10:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 23:02 . 2009-11-17 18:56 -------- d-----w- c:\users\DRS\AppData\Roaming\FileZilla
2010-01-03 18:31 . 2010-01-03 18:31 -------- d--h--w- c:\programdata\CanonBJ
2009-12-30 23:13 . 2009-12-24 20:59 -------- d-----w- c:\users\DRS\AppData\Roaming\MyPhoneExplorer
2009-12-26 23:29 . 2009-11-17 22:32 -------- d-----w- c:\program files\Rapget
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- c:\users\DRS\AppData\Roaming\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\programdata\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\program files\Western Digital
2009-12-24 20:59 . 2009-12-24 20:59 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-23 00:17 . 2009-12-23 00:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-23 00:17 . 2009-12-23 00:17 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 01:30 . 2009-11-19 18:50 -------- d-----w- c:\users\DRS\AppData\Roaming\Skype
2009-12-16 23:36 . 2009-11-19 18:52 -------- d-----w- c:\users\DRS\AppData\Roaming\skypePM
2009-12-15 02:32 . 2009-12-15 00:00 -------- d-----w- c:\users\DRS\AppData\Roaming\Nitro PDF
2009-12-15 02:07 . 2009-11-13 09:17 88776 ----a-w- c:\users\DRS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 00:28 . 2009-12-15 00:28 -------- d-----w- c:\users\DRS\AppData\Roaming\Corel
2009-12-15 00:26 . 2009-12-15 00:26 -------- d-----w- c:\program files\Corel
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\programdata\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-12-14 23:51 . 2009-12-14 23:51 -------- d-----w- c:\users\DRS\AppData\Roaming\Downloaded Installations
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\users\DRS\AppData\Roaming\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-14 14:44 . 2009-12-14 14:44 84661 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E3413287-887E-1158-E7C9-9306EEB90880}-uninstall_plugin.exe
2009-12-13 20:09 . 2009-12-13 20:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 18:29 . 2009-11-15 23:28 -------- d-----w- c:\program files\Opera
2009-12-07 16:01 . 2009-12-07 16:01 -------- d-----w- c:\program files\MSECache
2009-12-07 14:35 . 2009-12-07 14:33 -------- d-----w- c:\program files\DoremiSoft
2009-12-07 14:17 . 2009-12-07 14:15 5 ----a-w- c:\windows\system32\SySatm.dat
2009-12-07 14:15 . 2009-12-07 14:15 -------- d-----w- c:\program files\Crystal Software
2009-12-07 11:16 . 2009-11-13 12:18 -------- d-----w- c:\program files\Java
2009-12-06 21:50 . 2009-12-06 21:45 -------- d-----w- c:\program files\Macromedia
2009-12-06 21:49 . 2009-12-06 21:49 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-12-06 21:47 . 2009-12-06 21:47 45056 ----a-r- c:\users\DRS\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-12-06 21:47 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-06 21:45 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 21:44 . 2009-12-06 21:33 -------- d-----w- c:\users\DRS\AppData\Roaming\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 21:34 . 2009-12-06 21:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-01 22:30 . 2009-12-01 22:29 -------- d-----w- c:\program files\PDFCreator
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\users\DRS\AppData\Roaming\TortoiseSVN
2009-11-27 17:15 . 2009-11-27 17:15 -------- d-----w- c:\users\DRS\AppData\Roaming\Subversion
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\TortoiseSVN
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-19 18:52 . 2009-11-19 18:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-13 08:44 . 2009-11-13 08:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-02 19:42 . 2009-11-13 09:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 09:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-13 09:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-10-05 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-05 17:34 150768 ----a-w- c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-22 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18.8.2009 2:36 176128]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 10:20 188736]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [13.11.2009 10:10 29472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2009 22:35 691696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13.11.2009 10:14 228408]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [29.4.2009 15:37 25088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13.2.2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [15.8.2008 14:47 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [15.8.2008 14:47 369688]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000Core.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000UA.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {EA92DD9A-0D33-48AD-969D-0270EAC5D2CD} = 213.192.40.6,213.192.40.10
FF - ProfilePath - c:\users\DRS\AppData\Roaming\Mozilla\Firefox\Profiles\779c8akr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\users\DRS\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-24 13:00:17
ComboFix-quarantined-files.txt 2010-01-24 12:00
Před spuštěním: Volných bajtů: 15 319 056 384
Po spuštění: Volných bajtů: 15 258 759 168
- - End Of File - - C9F1D1E4BE7F1D4AC6530DA8409BC641
- Damned
Re: HJT log - Win7 sometimes won't boot
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
File::
c:\windows\nsreg.dat
Folder::
c:\program files\DAEMON Tools Toolbar
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Re: HJT log - Win7 sometimes won't boot
Done, I tried restarting twice and each time it booted on the first try, all fine...
Here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:58, on 24.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\taskhost.exe
C:\totalcmd\TOTALCMD.EXE
D:\Martin\Software\VIRY\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA92DD9A-0D33-48AD-969D-0270EAC5D2CD}: NameServer = 213.192.40.6,213.192.40.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 6567 bytes
ComboFix 10-01-23.05 - DRS 24.01.2010 13:36:49.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.1996 [GMT 1:00]
Spuštěný z: c:\users\DRS\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DRS\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
FILE ::
"c:\windows\nsreg.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\windows\nsreg.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 12:41 . 2010-01-24 12:41 -------- d-----w- c:\users\DRS\AppData\Local\temp
2010-01-24 12:41 . 2010-01-24 12:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-24 12:41 . 2010-01-24 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 09:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 10:56 . 2010-01-19 10:56 -------- d-----w- c:\program files\Synaptics
2010-01-19 10:51 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 10:51 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 01:30 . 2010-01-19 10:46 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:42 . 2010-01-17 14:20 -------- d-----w- c:\users\DRS\AppData\Roaming\Wireshark
2010-01-11 22:42 . 2010-01-19 10:46 -------- d-----w- c:\program files\WinPcap
2010-01-11 22:40 . 2010-01-19 10:47 -------- d-----w- c:\program files\Wireshark
2010-01-11 22:24 . 2010-01-11 22:24 -------- d-----w- c:\users\DRS\AppData\Roaming\Ethereal
2010-01-11 22:14 . 2010-01-19 10:46 -------- d-----w- c:\program files\Ethereal
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Local\Thunderbird
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Roaming\Thunderbird
2010-01-10 14:36 . 2010-01-10 14:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-08 21:44 . 2010-01-24 11:51 -------- d-----w- c:\windows\system32\wbem\repository
2010-01-07 14:39 . 2010-01-07 14:38 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 14:38 . 2010-01-07 14:38 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 14:38 . 2010-01-07 14:38 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 14:38 . 2010-01-07 14:38 -------- d-----w- c:\users\DRS\AppData\Local\PunkBuster
2010-01-07 14:35 . 2010-01-07 14:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Leadertech
2010-01-07 14:30 . 2010-01-07 14:30 -------- d-----w- c:\program files\EA Games
2010-01-06 16:44 . 2010-01-06 16:44 -------- d-----w- c:\program files\THQ
2010-01-02 13:03 . 2010-01-02 13:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-02 13:02 . 2010-01-02 13:02 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-27 15:39 . 2009-12-27 15:39 -------- d-----w- c:\program files\NetSetMan
2009-12-27 12:09 . 2009-12-27 12:09 2174976 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{79B79713-6AF8-4062-B396-6DE1E50ED6D7}-WDDriveInfo.exe
2009-12-27 11:59 . 2009-12-27 11:59 15360 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{105F72A1-39E1-B1A8-59C1-DDFF229C7319}-XMLSettings.dll
2009-12-26 23:33 . 2010-01-08 21:38 -------- d-----w- c:\users\DRS\AppData\Local\RapidSharing.eu
2009-12-25 13:00 . 2009-12-25 13:01 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:55 . 2009-07-14 08:44 687972 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 11:55 . 2009-07-14 08:44 143212 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 10:56 . 2010-01-19 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-19 10:46 . 2009-11-13 11:18 -------- d-----w- c:\users\DRS\AppData\Roaming\GHISLER
2010-01-19 10:46 . 2009-11-13 10:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 23:02 . 2009-11-17 18:56 -------- d-----w- c:\users\DRS\AppData\Roaming\FileZilla
2010-01-03 18:31 . 2010-01-03 18:31 -------- d--h--w- c:\programdata\CanonBJ
2009-12-30 23:13 . 2009-12-24 20:59 -------- d-----w- c:\users\DRS\AppData\Roaming\MyPhoneExplorer
2009-12-26 23:29 . 2009-11-17 22:32 -------- d-----w- c:\program files\Rapget
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- c:\users\DRS\AppData\Roaming\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\programdata\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\program files\Western Digital
2009-12-24 20:59 . 2009-12-24 20:59 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-23 00:17 . 2009-12-23 00:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-23 00:17 . 2009-12-23 00:17 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 01:30 . 2009-11-19 18:50 -------- d-----w- c:\users\DRS\AppData\Roaming\Skype
2009-12-16 23:36 . 2009-11-19 18:52 -------- d-----w- c:\users\DRS\AppData\Roaming\skypePM
2009-12-15 02:32 . 2009-12-15 00:00 -------- d-----w- c:\users\DRS\AppData\Roaming\Nitro PDF
2009-12-15 02:07 . 2009-11-13 09:17 88776 ----a-w- c:\users\DRS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 00:28 . 2009-12-15 00:28 -------- d-----w- c:\users\DRS\AppData\Roaming\Corel
2009-12-15 00:26 . 2009-12-15 00:26 -------- d-----w- c:\program files\Corel
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\programdata\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-12-14 23:51 . 2009-12-14 23:51 -------- d-----w- c:\users\DRS\AppData\Roaming\Downloaded Installations
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\users\DRS\AppData\Roaming\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-14 14:44 . 2009-12-14 14:44 84661 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E3413287-887E-1158-E7C9-9306EEB90880}-uninstall_plugin.exe
2009-12-13 20:09 . 2009-12-13 20:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 18:29 . 2009-11-15 23:28 -------- d-----w- c:\program files\Opera
2009-12-07 16:01 . 2009-12-07 16:01 -------- d-----w- c:\program files\MSECache
2009-12-07 14:35 . 2009-12-07 14:33 -------- d-----w- c:\program files\DoremiSoft
2009-12-07 14:17 . 2009-12-07 14:15 5 ----a-w- c:\windows\system32\SySatm.dat
2009-12-07 14:15 . 2009-12-07 14:15 -------- d-----w- c:\program files\Crystal Software
2009-12-07 11:16 . 2009-11-13 12:18 -------- d-----w- c:\program files\Java
2009-12-06 21:50 . 2009-12-06 21:45 -------- d-----w- c:\program files\Macromedia
2009-12-06 21:49 . 2009-12-06 21:49 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-12-06 21:47 . 2009-12-06 21:47 45056 ----a-r- c:\users\DRS\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-12-06 21:47 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-06 21:45 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 21:44 . 2009-12-06 21:33 -------- d-----w- c:\users\DRS\AppData\Roaming\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 21:34 . 2009-12-06 21:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-01 22:30 . 2009-12-01 22:29 -------- d-----w- c:\program files\PDFCreator
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\users\DRS\AppData\Roaming\TortoiseSVN
2009-11-27 17:15 . 2009-11-27 17:15 -------- d-----w- c:\users\DRS\AppData\Roaming\Subversion
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\TortoiseSVN
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-19 18:52 . 2009-11-19 18:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-13 08:44 . 2009-11-13 08:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-02 19:42 . 2009-11-13 09:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 09:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-13 09:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-24_11.58.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 14:11 . 2010-01-24 12:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 12:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 12:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 12:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-01-24 12:06 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-01-24 10:09 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-10-05 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-05 17:34 150768 ----a-w- c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-22 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18.8.2009 2:36 176128]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 10:20 188736]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [13.11.2009 10:10 29472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2009 22:35 691696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13.11.2009 10:14 228408]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [29.4.2009 15:37 25088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13.2.2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [15.8.2008 14:47 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [15.8.2008 14:47 369688]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000Core.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000UA.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {EA92DD9A-0D33-48AD-969D-0270EAC5D2CD} = 213.192.40.6,213.192.40.10
FF - ProfilePath - c:\users\DRS\AppData\Roaming\Mozilla\Firefox\Profiles\779c8akr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\users\DRS\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-24 13:42:49
ComboFix-quarantined-files.txt 2010-01-24 12:42
ComboFix2.txt 2010-01-24 12:00
Před spuštěním: Volných bajtů: 15 307 874 304
Po spuštění: Volných bajtů: 15 252 758 528
- - End Of File - - A83D78B16F9022D135057308E13A0652
2010-01-24 10:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 09:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 10:56 . 2010-01-19 10:56 -------- d-----w- c:\program files\Synaptics
2010-01-19 10:51 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 10:51 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 01:30 . 2010-01-19 10:46 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:42 . 2010-01-17 14:20 -------- d-----w- c:\users\DRS\AppData\Roaming\Wireshark
2010-01-11 22:42 . 2010-01-19 10:46 -------- d-----w- c:\program files\WinPcap
2010-01-11 22:40 . 2010-01-19 10:47 -------- d-----w- c:\program files\Wireshark
2010-01-11 22:24 . 2010-01-11 22:24 -------- d-----w- c:\users\DRS\AppData\Roaming\Ethereal
2010-01-11 22:14 . 2010-01-19 10:46 -------- d-----w- c:\program files\Ethereal
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Local\Thunderbird
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Roaming\Thunderbird
2010-01-10 14:36 . 2010-01-10 14:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-08 21:44 . 2010-01-24 11:51 -------- d-----w- c:\windows\system32\wbem\repository
2010-01-07 14:39 . 2010-01-07 14:38 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 14:38 . 2010-01-07 14:38 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 14:38 . 2010-01-07 14:38 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 14:38 . 2010-01-07 14:38 -------- d-----w- c:\users\DRS\AppData\Local\PunkBuster
2010-01-07 14:35 . 2010-01-07 14:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Leadertech
2010-01-07 14:30 . 2010-01-07 14:30 -------- d-----w- c:\program files\EA Games
2010-01-06 16:44 . 2010-01-06 16:44 -------- d-----w- c:\program files\THQ
2010-01-02 13:03 . 2010-01-02 13:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-02 13:02 . 2010-01-02 13:02 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-27 15:39 . 2009-12-27 15:39 -------- d-----w- c:\program files\NetSetMan
2009-12-27 12:09 . 2009-12-27 12:09 2174976 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{79B79713-6AF8-4062-B396-6DE1E50ED6D7}-WDDriveInfo.exe
2009-12-27 11:59 . 2009-12-27 11:59 15360 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{105F72A1-39E1-B1A8-59C1-DDFF229C7319}-XMLSettings.dll
2009-12-26 23:33 . 2010-01-08 21:38 -------- d-----w- c:\users\DRS\AppData\Local\RapidSharing.eu
2009-12-25 13:00 . 2009-12-25 13:01 -------- d-----w- c:\program files\The KMPlayer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 11:55 . 2009-07-14 08:44 687972 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 11:55 . 2009-07-14 08:44 143212 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 10:56 . 2010-01-19 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-19 10:46 . 2009-11-13 11:18 -------- d-----w- c:\users\DRS\AppData\Roaming\GHISLER
2010-01-19 10:46 . 2009-11-13 10:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 23:02 . 2009-11-17 18:56 -------- d-----w- c:\users\DRS\AppData\Roaming\FileZilla
2010-01-03 18:31 . 2010-01-03 18:31 -------- d--h--w- c:\programdata\CanonBJ
2009-12-30 23:13 . 2009-12-24 20:59 -------- d-----w- c:\users\DRS\AppData\Roaming\MyPhoneExplorer
2009-12-26 23:29 . 2009-11-17 22:32 -------- d-----w- c:\program files\Rapget
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- c:\users\DRS\AppData\Roaming\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\programdata\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\program files\Western Digital
2009-12-24 20:59 . 2009-12-24 20:59 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-23 00:17 . 2009-12-23 00:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-23 00:17 . 2009-12-23 00:17 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 01:30 . 2009-11-19 18:50 -------- d-----w- c:\users\DRS\AppData\Roaming\Skype
2009-12-16 23:36 . 2009-11-19 18:52 -------- d-----w- c:\users\DRS\AppData\Roaming\skypePM
2009-12-15 02:32 . 2009-12-15 00:00 -------- d-----w- c:\users\DRS\AppData\Roaming\Nitro PDF
2009-12-15 02:07 . 2009-11-13 09:17 88776 ----a-w- c:\users\DRS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 00:28 . 2009-12-15 00:28 -------- d-----w- c:\users\DRS\AppData\Roaming\Corel
2009-12-15 00:26 . 2009-12-15 00:26 -------- d-----w- c:\program files\Corel
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\programdata\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-12-14 23:51 . 2009-12-14 23:51 -------- d-----w- c:\users\DRS\AppData\Roaming\Downloaded Installations
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\users\DRS\AppData\Roaming\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-14 14:44 . 2009-12-14 14:44 84661 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E3413287-887E-1158-E7C9-9306EEB90880}-uninstall_plugin.exe
2009-12-13 20:09 . 2009-12-13 20:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 18:29 . 2009-11-15 23:28 -------- d-----w- c:\program files\Opera
2009-12-07 16:01 . 2009-12-07 16:01 -------- d-----w- c:\program files\MSECache
2009-12-07 14:35 . 2009-12-07 14:33 -------- d-----w- c:\program files\DoremiSoft
2009-12-07 14:17 . 2009-12-07 14:15 5 ----a-w- c:\windows\system32\SySatm.dat
2009-12-07 14:15 . 2009-12-07 14:15 -------- d-----w- c:\program files\Crystal Software
2009-12-07 11:16 . 2009-11-13 12:18 -------- d-----w- c:\program files\Java
2009-12-06 21:50 . 2009-12-06 21:45 -------- d-----w- c:\program files\Macromedia
2009-12-06 21:49 . 2009-12-06 21:49 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-12-06 21:47 . 2009-12-06 21:47 45056 ----a-r- c:\users\DRS\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-12-06 21:47 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-06 21:45 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 21:44 . 2009-12-06 21:33 -------- d-----w- c:\users\DRS\AppData\Roaming\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 21:34 . 2009-12-06 21:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-01 22:30 . 2009-12-01 22:29 -------- d-----w- c:\program files\PDFCreator
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\users\DRS\AppData\Roaming\TortoiseSVN
2009-11-27 17:15 . 2009-11-27 17:15 -------- d-----w- c:\users\DRS\AppData\Roaming\Subversion
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\TortoiseSVN
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-19 18:52 . 2009-11-19 18:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-13 08:44 . 2009-11-13 08:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-02 19:42 . 2009-11-13 09:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 09:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-13 09:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-24_11.58.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 14:11 . 2010-01-24 12:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 12:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 12:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 12:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-01-24 12:06 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-01-24 10:09 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-10-05 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-05 17:34 150768 ----a-w- c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-22 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18.8.2009 2:36 176128]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 10:20 188736]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [13.11.2009 10:10 29472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2009 22:35 691696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13.11.2009 10:14 228408]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [29.4.2009 15:37 25088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13.2.2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [15.8.2008 14:47 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [15.8.2008 14:47 369688]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000Core.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000UA.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {EA92DD9A-0D33-48AD-969D-0270EAC5D2CD} = 213.192.40.6,213.192.40.10
FF - ProfilePath - c:\users\DRS\AppData\Roaming\Mozilla\Firefox\Profiles\779c8akr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\users\DRS\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-24 13:42:49
ComboFix-quarantined-files.txt 2010-01-24 12:42
ComboFix2.txt 2010-01-24 12:00
Před spuštěním: Volných bajtů: 15 307 874 304
Po spuštění: Volných bajtů: 15 252 758 528
- - End Of File - - A83D78B16F9022D135057308E13A0652
- Damned
Re: HJT log - Win7 sometimes fails to boot
So let's finish the cleanup.
Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start > Run and enter Combofix[space]/uninstal
Download T-Cleaner (required - it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc. - download it -> run it)
(Note: if you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleanup; afterwards delete T-Cleaner and turn AVG and Avira back on.)
*****************************************************************************************************************************************
Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Change File age to 14 days. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
Re: HJT log - Win7 sometimes fails to boot
So I typed it in following your instructions, it restarted, the black screen came up twice, I turned it off and on, the third time there was a black screen with the ComboFix window, it ran the autoscan through all the phases, then showed the log, and Windows started up. Then I tried typing /uninstall with two l's and it uninstalled. I haven't done anything else; I haven't run T-Cleaner or OTL yet, should I?
Here is the last log from ComboFix:
ComboFix 10-01-23.05 - DRS 24.01.2010 14:34:20.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.2087 [GMT 1:00]
Spuštěný z: c:\users\DRS\Desktop\ComboFix.exe
Použité ovládací přepínače :: /uninstal
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 13:40 . 2010-01-24 13:40 -------- d-----w- c:\users\DRS\AppData\Local\temp
2010-01-24 13:40 . 2010-01-24 13:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-24 13:40 . 2010-01-24 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 09:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 10:56 . 2010-01-19 10:56 -------- d-----w- c:\program files\Synaptics
2010-01-19 10:51 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 10:51 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 01:30 . 2010-01-19 10:46 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:42 . 2010-01-17 14:20 -------- d-----w- c:\users\DRS\AppData\Roaming\Wireshark
2010-01-11 22:42 . 2010-01-19 10:46 -------- d-----w- c:\program files\WinPcap
2010-01-11 22:40 . 2010-01-19 10:47 -------- d-----w- c:\program files\Wireshark
2010-01-11 22:24 . 2010-01-11 22:24 -------- d-----w- c:\users\DRS\AppData\Roaming\Ethereal
2010-01-11 22:14 . 2010-01-19 10:46 -------- d-----w- c:\program files\Ethereal
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Local\Thunderbird
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Roaming\Thunderbird
2010-01-10 14:36 . 2010-01-10 14:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-08 21:44 . 2010-01-24 13:33 -------- d-----w- c:\windows\system32\wbem\repository
2010-01-07 14:39 . 2010-01-07 14:38 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 14:38 . 2010-01-07 14:38 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 14:38 . 2010-01-07 14:38 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 14:38 . 2010-01-07 14:38 -------- d-----w- c:\users\DRS\AppData\Local\PunkBuster
2010-01-07 14:35 . 2010-01-07 14:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Leadertech
2010-01-07 14:30 . 2010-01-07 14:30 -------- d-----w- c:\program files\EA Games
2010-01-06 16:44 . 2010-01-06 16:44 -------- d-----w- c:\program files\THQ
2010-01-02 13:03 . 2010-01-02 13:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-02 13:02 . 2010-01-02 13:02 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-27 15:39 . 2009-12-27 15:39 -------- d-----w- c:\program files\NetSetMan
2009-12-27 12:09 . 2009-12-27 12:09 2174976 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{79B79713-6AF8-4062-B396-6DE1E50ED6D7}-WDDriveInfo.exe
2009-12-27 11:59 . 2009-12-27 11:59 15360 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{105F72A1-39E1-B1A8-59C1-DDFF229C7319}-XMLSettings.dll
2009-12-26 23:33 . 2010-01-08 21:38 -------- d-----w- c:\users\DRS\AppData\Local\RapidSharing.eu
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 13:37 . 2009-07-14 08:44 687972 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 13:37 . 2009-07-14 08:44 143212 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 10:56 . 2010-01-19 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-19 10:46 . 2009-11-13 11:18 -------- d-----w- c:\users\DRS\AppData\Roaming\GHISLER
2010-01-19 10:46 . 2009-11-13 10:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 23:02 . 2009-11-17 18:56 -------- d-----w- c:\users\DRS\AppData\Roaming\FileZilla
2010-01-03 18:31 . 2010-01-03 18:31 -------- d--h--w- c:\programdata\CanonBJ
2009-12-30 23:13 . 2009-12-24 20:59 -------- d-----w- c:\users\DRS\AppData\Roaming\MyPhoneExplorer
2009-12-26 23:29 . 2009-11-17 22:32 -------- d-----w- c:\program files\Rapget
2009-12-25 13:01 . 2009-12-25 13:00 -------- d-----w- c:\program files\The KMPlayer
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- c:\users\DRS\AppData\Roaming\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\programdata\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\program files\Western Digital
2009-12-24 20:59 . 2009-12-24 20:59 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-23 00:17 . 2009-12-23 00:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-23 00:17 . 2009-12-23 00:17 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 01:30 . 2009-11-19 18:50 -------- d-----w- c:\users\DRS\AppData\Roaming\Skype
2009-12-16 23:36 . 2009-11-19 18:52 -------- d-----w- c:\users\DRS\AppData\Roaming\skypePM
2009-12-15 02:32 . 2009-12-15 00:00 -------- d-----w- c:\users\DRS\AppData\Roaming\Nitro PDF
2009-12-15 02:07 . 2009-11-13 09:17 88776 ----a-w- c:\users\DRS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 00:28 . 2009-12-15 00:28 -------- d-----w- c:\users\DRS\AppData\Roaming\Corel
2009-12-15 00:26 . 2009-12-15 00:26 -------- d-----w- c:\program files\Corel
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\programdata\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-12-14 23:51 . 2009-12-14 23:51 -------- d-----w- c:\users\DRS\AppData\Roaming\Downloaded Installations
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\users\DRS\AppData\Roaming\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-14 14:44 . 2009-12-14 14:44 84661 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E3413287-887E-1158-E7C9-9306EEB90880}-uninstall_plugin.exe
2009-12-13 20:09 . 2009-12-13 20:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 18:29 . 2009-11-15 23:28 -------- d-----w- c:\program files\Opera
2009-12-07 16:01 . 2009-12-07 16:01 -------- d-----w- c:\program files\MSECache
2009-12-07 14:35 . 2009-12-07 14:33 -------- d-----w- c:\program files\DoremiSoft
2009-12-07 14:17 . 2009-12-07 14:15 5 ----a-w- c:\windows\system32\SySatm.dat
2009-12-07 14:15 . 2009-12-07 14:15 -------- d-----w- c:\program files\Crystal Software
2009-12-07 11:16 . 2009-11-13 12:18 -------- d-----w- c:\program files\Java
2009-12-06 21:50 . 2009-12-06 21:45 -------- d-----w- c:\program files\Macromedia
2009-12-06 21:49 . 2009-12-06 21:49 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-12-06 21:47 . 2009-12-06 21:47 45056 ----a-r- c:\users\DRS\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-12-06 21:47 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-06 21:45 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 21:44 . 2009-12-06 21:33 -------- d-----w- c:\users\DRS\AppData\Roaming\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 21:34 . 2009-12-06 21:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-01 22:30 . 2009-12-01 22:29 -------- d-----w- c:\program files\PDFCreator
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\users\DRS\AppData\Roaming\TortoiseSVN
2009-11-27 17:15 . 2009-11-27 17:15 -------- d-----w- c:\users\DRS\AppData\Roaming\Subversion
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\TortoiseSVN
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-19 18:52 . 2009-11-19 18:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-13 08:44 . 2009-11-13 08:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-02 19:42 . 2009-11-13 09:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 09:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-13 09:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-24_11.58.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 11:28 . 2010-01-24 12:48 29902 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-01-24 13:34 39846 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 13:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 09:19 . 2010-01-24 13:34 4752 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3551270210-2322570739-85838943-1000_UserData.bin
- 2009-11-13 08:54 . 2010-01-24 11:50 2458 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-11-13 08:54 . 2010-01-24 13:28 2458 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-01-24 11:50 . 2010-01-24 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-24 13:29 . 2010-01-24 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-24 11:50 . 2010-01-24 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-24 13:29 . 2010-01-24 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-01-24 11:55 672502 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-01-24 13:37 672502 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-01-24 11:55 127970 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-01-24 13:37 127970 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-01-24 10:09 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-01-24 12:59 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-10-05 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-05 17:34 150768 ----a-w- c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-22 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18.8.2009 2:36 176128]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 10:20 188736]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [13.11.2009 10:10 29472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2009 22:35 691696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13.11.2009 10:14 228408]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [29.4.2009 15:37 25088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13.2.2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [15.8.2008 14:47 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [15.8.2008 14:47 369688]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000Core.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000UA.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {EA92DD9A-0D33-48AD-969D-0270EAC5D2CD} = 213.192.40.6,213.192.40.10
FF - ProfilePath - c:\users\DRS\AppData\Roaming\Mozilla\Firefox\Profiles\779c8akr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\users\DRS\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-24 14:42:11
ComboFix-quarantined-files.txt 2010-01-24 13:42
ComboFix2.txt 2010-01-24 12:42
ComboFix3.txt 2010-01-24 12:00
Před spuštěním: Volných bajtů: 15 340 183 552
Po spuštění: Volných bajtů: 15 260 008 448
- - End Of File - - 53B058DF06A7C56C2DAE4713455E4605
Here is the last log from ComboFix:
ComboFix 10-01-23.05 - DRS 24.01.2010 14:34:20.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3067.2087 [GMT 1:00]
Spuštěný z: c:\users\DRS\Desktop\ComboFix.exe
Použité ovládací přepínače :: /uninstal
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-24 do 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 13:40 . 2010-01-24 13:40 -------- d-----w- c:\users\DRS\AppData\Local\temp
2010-01-24 13:40 . 2010-01-24 13:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-24 13:40 . 2010-01-24 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-24 10:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 10:35 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 09:52 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-19 10:56 . 2010-01-19 10:56 -------- d-----w- c:\program files\Synaptics
2010-01-19 10:51 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 10:51 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 01:30 . 2010-01-19 10:46 -------- d-----w- c:\program files\CCleaner
2010-01-11 22:42 . 2010-01-17 14:20 -------- d-----w- c:\users\DRS\AppData\Roaming\Wireshark
2010-01-11 22:42 . 2010-01-19 10:46 -------- d-----w- c:\program files\WinPcap
2010-01-11 22:40 . 2010-01-19 10:47 -------- d-----w- c:\program files\Wireshark
2010-01-11 22:24 . 2010-01-11 22:24 -------- d-----w- c:\users\DRS\AppData\Roaming\Ethereal
2010-01-11 22:14 . 2010-01-19 10:46 -------- d-----w- c:\program files\Ethereal
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Local\Thunderbird
2010-01-10 14:38 . 2010-01-10 14:38 -------- d-----w- c:\users\DRS\AppData\Roaming\Thunderbird
2010-01-10 14:36 . 2010-01-10 14:37 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-08 21:44 . 2010-01-24 13:33 -------- d-----w- c:\windows\system32\wbem\repository
2010-01-07 14:39 . 2010-01-07 14:38 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-07 14:38 . 2010-01-07 14:38 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-07 14:38 . 2010-01-07 14:38 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-07 14:38 . 2010-01-07 14:38 -------- d-----w- c:\users\DRS\AppData\Local\PunkBuster
2010-01-07 14:35 . 2010-01-07 14:35 -------- d-----w- c:\users\DRS\AppData\Roaming\Leadertech
2010-01-07 14:30 . 2010-01-07 14:30 -------- d-----w- c:\program files\EA Games
2010-01-06 16:44 . 2010-01-06 16:44 -------- d-----w- c:\program files\THQ
2010-01-02 13:03 . 2010-01-02 13:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-01-02 13:02 . 2010-01-02 13:02 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-27 15:39 . 2009-12-27 15:39 -------- d-----w- c:\program files\NetSetMan
2009-12-27 12:09 . 2009-12-27 12:09 2174976 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{79B79713-6AF8-4062-B396-6DE1E50ED6D7}-WDDriveInfo.exe
2009-12-27 11:59 . 2009-12-27 11:59 15360 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{105F72A1-39E1-B1A8-59C1-DDFF229C7319}-XMLSettings.dll
2009-12-26 23:33 . 2010-01-08 21:38 -------- d-----w- c:\users\DRS\AppData\Local\RapidSharing.eu
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 13:37 . 2009-07-14 08:44 687972 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 13:37 . 2009-07-14 08:44 143212 ----a-w- c:\windows\system32\perfc005.dat
2010-01-19 10:56 . 2010-01-19 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-01-19 10:46 . 2009-11-13 11:18 -------- d-----w- c:\users\DRS\AppData\Roaming\GHISLER
2010-01-19 10:46 . 2009-11-13 10:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-18 23:02 . 2009-11-17 18:56 -------- d-----w- c:\users\DRS\AppData\Roaming\FileZilla
2010-01-03 18:31 . 2010-01-03 18:31 -------- d--h--w- c:\programdata\CanonBJ
2009-12-30 23:13 . 2009-12-24 20:59 -------- d-----w- c:\users\DRS\AppData\Roaming\MyPhoneExplorer
2009-12-26 23:29 . 2009-11-17 22:32 -------- d-----w- c:\program files\Rapget
2009-12-25 13:01 . 2009-12-25 13:00 -------- d-----w- c:\program files\The KMPlayer
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- c:\users\DRS\AppData\Roaming\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\programdata\Western Digital
2009-12-25 10:45 . 2009-12-25 10:45 -------- d-----w- c:\program files\Western Digital
2009-12-24 20:59 . 2009-12-24 20:59 -------- d-----w- c:\program files\MyPhoneExplorer
2009-12-23 00:17 . 2009-12-23 00:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-23 00:17 . 2009-12-23 00:17 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 01:30 . 2009-11-19 18:50 -------- d-----w- c:\users\DRS\AppData\Roaming\Skype
2009-12-16 23:36 . 2009-11-19 18:52 -------- d-----w- c:\users\DRS\AppData\Roaming\skypePM
2009-12-15 02:32 . 2009-12-15 00:00 -------- d-----w- c:\users\DRS\AppData\Roaming\Nitro PDF
2009-12-15 02:07 . 2009-11-13 09:17 88776 ----a-w- c:\users\DRS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-15 00:28 . 2009-12-15 00:28 -------- d-----w- c:\users\DRS\AppData\Roaming\Corel
2009-12-15 00:26 . 2009-12-15 00:26 -------- d-----w- c:\program files\Corel
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\programdata\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Nitro PDF
2009-12-14 23:59 . 2009-12-14 23:59 -------- d-----w- c:\program files\Common Files\Nitro PDF
2009-12-14 23:51 . 2009-12-14 23:51 -------- d-----w- c:\users\DRS\AppData\Roaming\Downloaded Installations
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\users\DRS\AppData\Roaming\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Ahead
2009-12-14 19:08 . 2009-12-14 19:08 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-14 14:44 . 2009-12-14 14:44 84661 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{E3413287-887E-1158-E7C9-9306EEB90880}-uninstall_plugin.exe
2009-12-13 20:09 . 2009-12-13 20:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 18:29 . 2009-11-15 23:28 -------- d-----w- c:\program files\Opera
2009-12-07 16:01 . 2009-12-07 16:01 -------- d-----w- c:\program files\MSECache
2009-12-07 14:35 . 2009-12-07 14:33 -------- d-----w- c:\program files\DoremiSoft
2009-12-07 14:17 . 2009-12-07 14:15 5 ----a-w- c:\windows\system32\SySatm.dat
2009-12-07 14:15 . 2009-12-07 14:15 -------- d-----w- c:\program files\Crystal Software
2009-12-07 11:16 . 2009-11-13 12:18 -------- d-----w- c:\program files\Java
2009-12-06 21:50 . 2009-12-06 21:45 -------- d-----w- c:\program files\Macromedia
2009-12-06 21:49 . 2009-12-06 21:49 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-12-06 21:47 . 2009-12-06 21:47 45056 ----a-r- c:\users\DRS\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-12-06 21:47 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-06 21:45 . 2009-12-06 21:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-06 21:44 . 2009-12-06 21:33 -------- d-----w- c:\users\DRS\AppData\Roaming\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:34 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-06 21:35 . 2009-12-06 21:35 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-06 21:34 . 2009-12-06 21:33 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-12-01 22:30 . 2009-12-01 22:29 -------- d-----w- c:\program files\PDFCreator
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\users\DRS\AppData\Roaming\TortoiseSVN
2009-11-27 17:15 . 2009-11-27 17:15 -------- d-----w- c:\users\DRS\AppData\Roaming\Subversion
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\TortoiseSVN
2009-11-27 16:57 . 2009-11-27 16:57 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-11-19 18:52 . 2009-11-19 18:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-11-13 08:44 . 2009-11-13 08:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-02 19:42 . 2009-11-13 09:37 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-25 09:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-05 17:34 . 2009-11-13 09:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-24_11.58.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 11:28 . 2010-01-24 12:48 29902 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-01-24 13:34 39846 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 13:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-13 14:11 . 2010-01-24 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-13 14:11 . 2010-01-24 11:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-13 09:30 . 2010-01-24 11:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 09:30 . 2010-01-24 13:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-13 09:19 . 2010-01-24 13:34 4752 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3551270210-2322570739-85838943-1000_UserData.bin
- 2009-11-13 08:54 . 2010-01-24 11:50 2458 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-11-13 08:54 . 2010-01-24 13:28 2458 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-01-24 11:50 . 2010-01-24 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-24 13:29 . 2010-01-24 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-24 11:50 . 2010-01-24 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-24 13:29 . 2010-01-24 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-01-24 11:55 672502 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-01-24 13:37 672502 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-01-24 11:55 127970 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-01-24 13:37 127970 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-01-24 10:09 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-01-24 12:59 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-10-05 150768]
[HKEY_CLASSES_ROOT\clsid\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-05 17:34 150768 ----a-w- c:\users\DRS\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-22 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18.8.2009 2:36 176128]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15.9.2009 10:20 188736]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [13.11.2009 10:10 29472]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28.9.2009 9:22 315392]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6.12.2009 22:35 691696]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13.11.2009 10:14 228408]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\System32\drivers\KMWDFILTER.sys [29.4.2009 15:37 25088]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6.11.2007 21:22 34064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13.2.2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [15.8.2008 14:47 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [15.8.2008 14:47 369688]
.
Obsah adresáře 'Naplánované úlohy'
2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000Core.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551270210-2322570739-85838943-1000UA.job
- c:\users\DRS\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-22 19:01]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {EA92DD9A-0D33-48AD-969D-0270EAC5D2CD} = 213.192.40.6,213.192.40.10
FF - ProfilePath - c:\users\DRS\AppData\Roaming\Mozilla\Firefox\Profiles\779c8akr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\users\DRS\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-24 14:42:11
ComboFix-quarantined-files.txt 2010-01-24 13:42
ComboFix2.txt 2010-01-24 12:42
ComboFix3.txt 2010-01-24 12:00
Před spuštěním: Volných bajtů: 15 340 183 552
Po spuštění: Volných bajtů: 15 260 008 448
- - End Of File - - 53B058DF06A7C56C2DAE4713455E4605
- Damned
Re: HJT log - Win7 sometimes fails to boot
I wanted you to uninstall ComboFix and download OTL.
Read it once more and do it. If ComboFix cannot be uninstalled, let me know.
But it will work, won't it?
After all, there are 2 "l"s in uninstall.


Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner