I'm posting a log and would really appreciate a check; it might be a tough nut to crack...... The laptop is acting up, something doesn't seem right to me... it's probably sick..... thank you.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:17:34, on 6.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
F:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\System32\wpcumi.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
F:\Program Files\Free Download Manager\fdm.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\explorer.exe
C:\Users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program
Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - F:\Program Files\Free
Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health
Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0
\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common
Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Free Download Manager] F:\PROGRA~1\Free Download Manager\fdm.exe -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\PROGRA~1
\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://F:\Program Files\Free
Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://F:\Program
Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://F:\Program
Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://F:\Program Files\Free
Download Manager\dlall.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google
Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
F:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-
5663EE0C6C49} - F:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-
EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\Microsoft
Office\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: http://*.seznam.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... b_site.cab?
1245357541428
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... b_site.cab?
1245357803219
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) -
https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) -
http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D62CDC86-5A44-4B72-984C-157995497023}: NameServer =
213.155.229.197
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program
Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1
\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-
3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation -
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-
Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program
Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32
Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP
Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-
Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32
\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program
Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-
Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner -
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program
Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program
Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32
\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program
Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. -
C:\Windows\system32\vfsFPService.exe
--
End of file - 10693 bytes
Please check my HJT log...... Solved
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: Please check my HJT log......
Download Malwarebytes' Anti-Malware.
Install it and run it.
- At the end of the installation, make sure both options are selected/ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button.
- If an update is found, it will be downloaded and installed.
- The program will then start; leave the Perform quick scan option selected and click the Scan button.
- When the scan finishes, a message will appear; click OK and then the Show Results button.
- Then choose the option to save the log and save it to the desktop.
- Then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible; so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Re: Please check my HJT log......
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
6.3.2010 15:01:47
mbam-log-2010-03-06 (15-01-47).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 111253
Uplynulý čas: 5 minute(s), 5 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
- Damned
Re: Please check my HJT log......
Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button.
- Then follow the instructions; while ComboFix is running, do not click in the window that appears.
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here.
Re: Please check my HJT log......
ComboFix 10-03-05.05 - Jakub 06.03.2010 15:38:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1600 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\Documents\cc_20100107_124202.reg
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 14:44 . 2010-03-06 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 13:55 . 2010-03-06 13:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 13:13 . 2010-03-06 13:13 388096 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 13:13 . 2010-03-06 13:13 -------- d-----w- c:\program files\TrendMicro
2010-02-27 16:51 . 2010-02-27 16:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\AnvSoft
2010-02-27 06:42 . 2010-02-27 06:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\PhoneRemoteControl
2010-02-27 05:36 . 2010-02-27 05:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\GTek
2010-02-26 17:33 . 2010-02-26 17:33 -------- d-----w- c:\users\Jakub\AppData\Local\WinAVI
2010-02-26 17:30 . 2010-02-26 17:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\RVM
2010-02-24 12:47 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 13:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:06 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:06 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 13:06 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 13:06 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 13:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 13:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 13:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 13:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 13:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 13:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 13:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 13:05 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:05 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 17:16 . 2010-02-07 17:16 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-07 11:48 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2010-02-07 11:47 . 2005-10-26 16:11 53248 ----a-w- c:\windows\vsnpstd3.dll
2010-02-04 17:32 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 17:32 . 2010-02-04 17:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 17:31 . 2010-02-04 17:31 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-04 17:30 . 2010-02-07 12:08 -------- d-----w- c:\programdata\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 14:35 . 2009-10-30 20:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\Free Download Manager
2010-03-06 14:23 . 2009-12-30 18:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-03-06 13:03 . 2009-12-30 18:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-03-05 20:54 . 2009-06-30 17:58 48317 ----a-w- c:\programdata\nvModes.dat
2010-03-05 17:20 . 2008-07-03 08:14 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 17:20 . 2008-07-03 08:14 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:46 . 2009-06-11 12:57 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2010-02-27 19:22 . 2010-02-27 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-27 04:22 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:42 . 2010-01-18 13:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-02-24 18:07 . 2009-06-09 21:29 108472 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-01 07:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:12 . 2009-10-03 06:02 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 12:20 . 2010-01-22 22:31 -------- d-----w- c:\program files\Bradbury
2010-02-04 17:34 . 2009-06-09 21:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 18:46 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2010-01-26 19:15 . 2010-01-26 19:15 -------- d-----w- c:\program files\TeamViewer
2010-01-23 18:44 . 2010-01-23 18:44 -------- d-----w- c:\program files\QS
2010-01-23 18:44 . 2010-01-23 18:32 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-01-22 18:13 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 07:35 . 2009-12-09 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 10:07 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-13 20:12 . 2010-01-13 20:01 -------- d-----w- c:\program files\PCNetSoftware
2010-01-07 15:07 . 2009-06-28 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:31 . 2009-11-29 21:44 -------- d-----w- c:\program files\Common Files\Real
2010-01-07 11:16 . 2010-01-07 11:16 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\programdata\eSellerate
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-06 15:38 . 2010-02-24 12:46 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:46 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:46 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:46 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-05 22:19 . 2010-01-05 22:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\NeroDCTemplates
2010-01-02 06:38 . 2010-01-22 07:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:17 . 2009-12-31 18:14 6022144 ----a-w- c:\users\Jakub\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-12-30 18:31 . 2009-12-30 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 23:00 . 2009-07-19 20:54 680 ----a-w- c:\users\Jakub\AppData\Local\d3d9caps.dat
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Free Download Manager"="f:\progra~1\Free Download Manager\fdm.exe" [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,ac,55,4f,22,05,ca,01
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-06 c:\windows\Tasks\AWC Startup.job
- f:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-28 12:51]
2010-02-27 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{00FF7A09-6214-4353-9FD9-E332E29A0F80}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: seznam.cz
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 15:45
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-03-06 15:47:35
ComboFix-quarantined-files.txt 2010-03-06 14:47
ComboFix2.txt 2009-06-30 17:36
Před spuštěním: Volných bajtů: 80 098 590 720
Po spuštění: Volných bajtů: 92 170 940 416
- - End Of File - - 5D5242170A8D8BF742238FCD444A8340
- Damned
Re: please check my HJT log......
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
File::
c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
c:\programdata\ezsidmv.dat
c:\users\Jakub\AppData\Local\d3d9caps.dat
c:\programdata\NOS\Adobe_Downloads\arh.exe
c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys
Folder::
c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller
c:\programdata\NOS
Driver::
ALSysIO;ALSysIO
ALSysIO
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
Rootkit::
c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair can take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
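Before a `Registry::` directive like the one in the script above is applied, its hex(7) value can be decoded and compared with what the log reported for the same key. The Python below is an added example, not part of the original posts or of ComboFix; the function names are hypothetical, and the two sample lines are copied from this thread.

```python
import re

# Sample input, copied from this thread: the ComboFix log line for the LSA key
# and the replacement value proposed in the CFScript.
LOG_LINE = "Notification Packages REG_MULTI_SZ scecli DPPWDFLT"
SCRIPT_LINE = ('"Notification Packages"=hex(7):'
               '73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00')


def decode_reg_multi_sz(reg_line):
    """Decode a .reg-style hex(7) assignment into (value_name, [strings])."""
    m = re.fullmatch(r'\s*"([^"]+)"\s*=\s*hex\(7\):([0-9a-fA-F,\\\s]*)', reg_line)
    if not m:
        raise ValueError("not a hex(7) REG_MULTI_SZ assignment")
    name, body = m.groups()
    # Long values may be wrapped with a trailing backslash; treat it as a separator.
    tokens = [t for t in re.split(r"[,\\\s]+", body) if t]
    if any(len(t) != 2 for t in tokens):
        raise ValueError("malformed byte in hex(7) data")
    raw = bytes(int(t, 16) for t in tokens)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE")
    text = raw.decode("utf-16-le")
    # REG_MULTI_SZ is a run of NUL-terminated strings closed by one more NUL.
    if not text.endswith("\x00"):
        raise ValueError("value is not NUL-terminated")
    return name, [s for s in text.split("\x00") if s]


def encode_reg_multi_sz(name, strings):
    """Inverse of decode_reg_multi_sz: build the hex(7) line for a string list."""
    raw = ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")
    return '"%s"=hex(7):%s' % (name, ",".join("%02x" % b for b in raw))


def parse_log_multi_sz(log_line):
    """Parse a log line of the form '<name> REG_MULTI_SZ <entry> <entry> ...'.

    Assumption: entries contain no spaces (true for the DLL base names here).
    """
    name, sep, rest = log_line.partition("REG_MULTI_SZ")
    if not sep:
        raise ValueError("not a REG_MULTI_SZ log line")
    return name.strip(), rest.split()


def diff_packages(current, proposed):
    """Case-insensitive diff of two package lists, preserving original order."""
    cur = {p.lower(): p for p in current}
    new = {p.lower(): p for p in proposed}
    return {
        "removed": [cur[k] for k in cur if k not in new],
        "added": [new[k] for k in new if k not in cur],
        "kept": [cur[k] for k in cur if k in new],
    }


def review_change(log_line, script_line):
    """Show what a scripted value would change relative to the logged value."""
    log_name, current = parse_log_multi_sz(log_line)
    reg_name, proposed = decode_reg_multi_sz(script_line)
    if log_name.lower() != reg_name.lower():
        raise ValueError("lines refer to different registry values")
    return diff_packages(current, proposed)


if __name__ == "__main__":
    for kind, names in review_change(LOG_LINE, SCRIPT_LINE).items():
        print("%-8s %s" % (kind, ", ".join(names) or "-"))
```

For these two lines the diff reports DPPWDFLT as removed and scecli as kept; the same log lists c:\windows\system32\DPPWDFLT.dll among the libraries attached to lsass.exe.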
Re: please check my HJT log......
A problem...... everything ran as it should, then the laptop came up at the screen asking for user login (or it restarted), I logged in with my fingerprint, it booted, and the ComboFix window also popped up saying it was creating the log, and then nothing for 45 minutes; it couldn't be budged, the only option was a hard power-off. Now it seems kind of out of sorts to me... I probably made a mistake with that power-off.... what now? Restore the PC to the restore point from before the last step and run the script again??
- Damned
Re: please check my HJT log......
Find on the PC a text file named ComboFix.txt or Combofix1.txt Combofix2.txt.
Re: please check my HJT log......
I'm online here.
This is what came up when I searched for combofix.txt and combofix2.txt, identical documents
ComboFix 10-03-05.05 - Jakub 06.03.2010 15:38:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1600 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\Documents\cc_20100107_124202.reg
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 14:44 . 2010-03-06 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 13:55 . 2010-03-06 13:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 13:13 . 2010-03-06 13:13 388096 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 13:13 . 2010-03-06 13:13 -------- d-----w- c:\program files\TrendMicro
2010-02-27 16:51 . 2010-02-27 16:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\AnvSoft
2010-02-27 06:42 . 2010-02-27 06:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\PhoneRemoteControl
2010-02-27 05:36 . 2010-02-27 05:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\GTek
2010-02-26 17:33 . 2010-02-26 17:33 -------- d-----w- c:\users\Jakub\AppData\Local\WinAVI
2010-02-26 17:30 . 2010-02-26 17:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\RVM
2010-02-24 12:47 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 13:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:06 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:06 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 13:06 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 13:06 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 13:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 13:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 13:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 13:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 13:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 13:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 13:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 13:05 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:05 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 17:16 . 2010-02-07 17:16 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-07 11:48 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2010-02-07 11:47 . 2005-10-26 16:11 53248 ----a-w- c:\windows\vsnpstd3.dll
2010-02-04 17:32 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 17:32 . 2010-02-04 17:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 17:31 . 2010-02-04 17:31 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-04 17:30 . 2010-02-07 12:08 -------- d-----w- c:\programdata\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 14:35 . 2009-10-30 20:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\Free Download Manager
2010-03-06 14:23 . 2009-12-30 18:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-03-06 13:03 . 2009-12-30 18:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-03-05 20:54 . 2009-06-30 17:58 48317 ----a-w- c:\programdata\nvModes.dat
2010-03-05 17:20 . 2008-07-03 08:14 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 17:20 . 2008-07-03 08:14 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:46 . 2009-06-11 12:57 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2010-02-27 19:22 . 2010-02-27 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-27 04:22 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:42 . 2010-01-18 13:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-02-24 18:07 . 2009-06-09 21:29 108472 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-01 07:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:12 . 2009-10-03 06:02 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 12:20 . 2010-01-22 22:31 -------- d-----w- c:\program files\Bradbury
2010-02-04 17:34 . 2009-06-09 21:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 18:46 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2010-01-26 19:15 . 2010-01-26 19:15 -------- d-----w- c:\program files\TeamViewer
2010-01-23 18:44 . 2010-01-23 18:44 -------- d-----w- c:\program files\QS
2010-01-23 18:44 . 2010-01-23 18:32 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-01-22 18:13 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 07:35 . 2009-12-09 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 10:07 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-13 20:12 . 2010-01-13 20:01 -------- d-----w- c:\program files\PCNetSoftware
2010-01-07 15:07 . 2009-06-28 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:31 . 2009-11-29 21:44 -------- d-----w- c:\program files\Common Files\Real
2010-01-07 11:16 . 2010-01-07 11:16 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\programdata\eSellerate
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-06 15:38 . 2010-02-24 12:46 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:46 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:46 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:46 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-05 22:19 . 2010-01-05 22:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\NeroDCTemplates
2010-01-02 06:38 . 2010-01-22 07:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:17 . 2009-12-31 18:14 6022144 ----a-w- c:\users\Jakub\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-12-30 18:31 . 2009-12-30 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 23:00 . 2009-07-19 20:54 680 ----a-w- c:\users\Jakub\AppData\Local\d3d9caps.dat
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Free Download Manager"="f:\progra~1\Free Download Manager\fdm.exe" [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,ac,55,4f,22,05,ca,01
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-06 c:\windows\Tasks\AWC Startup.job
- f:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-28 12:51]
2010-02-27 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{00FF7A09-6214-4353-9FD9-E332E29A0F80}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: seznam.cz
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 15:45
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-03-06 15:47:35
ComboFix-quarantined-files.txt 2010-03-06 14:47
ComboFix2.txt 2009-06-30 17:36
Před spuštěním: Volných bajtů: 80 098 590 720
Po spuštění: Volných bajtů: 92 170 940 416
- - End Of File - - 5D5242170A8D8BF742238FCD444A8340
This is what it gave me when I searched for combofix.txt and combofix2.txt; the documents are identical
ComboFix 10-03-05.05 - Jakub 06.03.2010 15:38:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1600 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\Documents\cc_20100107_124202.reg
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 14:44 . 2010-03-06 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 13:55 . 2010-03-06 13:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 13:13 . 2010-03-06 13:13 388096 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 13:13 . 2010-03-06 13:13 -------- d-----w- c:\program files\TrendMicro
2010-02-27 16:51 . 2010-02-27 16:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\AnvSoft
2010-02-27 06:42 . 2010-02-27 06:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\PhoneRemoteControl
2010-02-27 05:36 . 2010-02-27 05:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\GTek
2010-02-26 17:33 . 2010-02-26 17:33 -------- d-----w- c:\users\Jakub\AppData\Local\WinAVI
2010-02-26 17:30 . 2010-02-26 17:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\RVM
2010-02-24 12:47 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 13:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:06 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:06 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 13:06 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 13:06 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 13:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 13:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 13:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 13:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 13:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 13:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 13:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 13:05 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:05 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 17:16 . 2010-02-07 17:16 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-07 11:48 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2010-02-07 11:47 . 2005-10-26 16:11 53248 ----a-w- c:\windows\vsnpstd3.dll
2010-02-04 17:32 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 17:32 . 2010-02-04 17:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 17:31 . 2010-02-04 17:31 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-04 17:30 . 2010-02-07 12:08 -------- d-----w- c:\programdata\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 14:35 . 2009-10-30 20:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\Free Download Manager
2010-03-06 14:23 . 2009-12-30 18:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-03-06 13:03 . 2009-12-30 18:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-03-05 20:54 . 2009-06-30 17:58 48317 ----a-w- c:\programdata\nvModes.dat
2010-03-05 17:20 . 2008-07-03 08:14 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 17:20 . 2008-07-03 08:14 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:46 . 2009-06-11 12:57 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2010-02-27 19:22 . 2010-02-27 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-27 04:22 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:42 . 2010-01-18 13:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-02-24 18:07 . 2009-06-09 21:29 108472 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-01 07:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:12 . 2009-10-03 06:02 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 12:20 . 2010-01-22 22:31 -------- d-----w- c:\program files\Bradbury
2010-02-04 17:34 . 2009-06-09 21:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 18:46 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2010-01-26 19:15 . 2010-01-26 19:15 -------- d-----w- c:\program files\TeamViewer
2010-01-23 18:44 . 2010-01-23 18:44 -------- d-----w- c:\program files\QS
2010-01-23 18:44 . 2010-01-23 18:32 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-01-22 18:13 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 07:35 . 2009-12-09 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 10:07 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-13 20:12 . 2010-01-13 20:01 -------- d-----w- c:\program files\PCNetSoftware
2010-01-07 15:07 . 2009-06-28 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:31 . 2009-11-29 21:44 -------- d-----w- c:\program files\Common Files\Real
2010-01-07 11:16 . 2010-01-07 11:16 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\programdata\eSellerate
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-06 15:38 . 2010-02-24 12:46 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:46 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:46 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:46 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-05 22:19 . 2010-01-05 22:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\NeroDCTemplates
2010-01-02 06:38 . 2010-01-22 07:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:17 . 2009-12-31 18:14 6022144 ----a-w- c:\users\Jakub\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-12-30 18:31 . 2009-12-30 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 23:00 . 2009-07-19 20:54 680 ----a-w- c:\users\Jakub\AppData\Local\d3d9caps.dat
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Free Download Manager"="f:\progra~1\Free Download Manager\fdm.exe" [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,ac,55,4f,22,05,ca,01
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-06 c:\windows\Tasks\AWC Startup.job
- f:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-28 12:51]
2010-02-27 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{00FF7A09-6214-4353-9FD9-E332E29A0F80}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: seznam.cz
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 15:45
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-03-06 15:47:35
ComboFix-quarantined-files.txt 2010-03-06 14:47
ComboFix2.txt 2009-06-30 17:36
Před spuštěním: Volných bajtů: 80 098 590 720
Po spuštění: Volných bajtů: 92 170 940 416
- - End Of File - - 5D5242170A8D8BF742238FCD444A8340
- Damned
Re: please check my HJT log......
So try that script again.
Are they definitely identical????
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: please check my HJT log......
This was found in combofix.txt:
ComboFix 10-03-05.05 - Jakub 06.03.2010 15:38:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1600 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\Documents\cc_20100107_124202.reg
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 14:44 . 2010-03-06 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 13:55 . 2010-03-06 13:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 13:13 . 2010-03-06 13:13 388096 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 13:13 . 2010-03-06 13:13 -------- d-----w- c:\program files\TrendMicro
2010-02-27 16:51 . 2010-02-27 16:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\AnvSoft
2010-02-27 06:42 . 2010-02-27 06:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\PhoneRemoteControl
2010-02-27 05:36 . 2010-02-27 05:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\GTek
2010-02-26 17:33 . 2010-02-26 17:33 -------- d-----w- c:\users\Jakub\AppData\Local\WinAVI
2010-02-26 17:30 . 2010-02-26 17:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\RVM
2010-02-24 12:47 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 13:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:06 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:06 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 13:06 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 13:06 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 13:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 13:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 13:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 13:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 13:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 13:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 13:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 13:05 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:05 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 17:16 . 2010-02-07 17:16 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-07 11:48 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2010-02-07 11:47 . 2005-10-26 16:11 53248 ----a-w- c:\windows\vsnpstd3.dll
2010-02-04 17:32 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 17:32 . 2010-02-04 17:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 17:31 . 2010-02-04 17:31 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-04 17:30 . 2010-02-07 12:08 -------- d-----w- c:\programdata\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 14:35 . 2009-10-30 20:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\Free Download Manager
2010-03-06 14:23 . 2009-12-30 18:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-03-06 13:03 . 2009-12-30 18:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-03-05 20:54 . 2009-06-30 17:58 48317 ----a-w- c:\programdata\nvModes.dat
2010-03-05 17:20 . 2008-07-03 08:14 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 17:20 . 2008-07-03 08:14 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:46 . 2009-06-11 12:57 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2010-02-27 19:22 . 2010-02-27 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-27 04:22 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:42 . 2010-01-18 13:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-02-24 18:07 . 2009-06-09 21:29 108472 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-01 07:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:12 . 2009-10-03 06:02 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 12:20 . 2010-01-22 22:31 -------- d-----w- c:\program files\Bradbury
2010-02-04 17:34 . 2009-06-09 21:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 18:46 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2010-01-26 19:15 . 2010-01-26 19:15 -------- d-----w- c:\program files\TeamViewer
2010-01-23 18:44 . 2010-01-23 18:44 -------- d-----w- c:\program files\QS
2010-01-23 18:44 . 2010-01-23 18:32 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-01-22 18:13 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 07:35 . 2009-12-09 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 10:07 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-13 20:12 . 2010-01-13 20:01 -------- d-----w- c:\program files\PCNetSoftware
2010-01-07 15:07 . 2009-06-28 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:31 . 2009-11-29 21:44 -------- d-----w- c:\program files\Common Files\Real
2010-01-07 11:16 . 2010-01-07 11:16 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\programdata\eSellerate
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-06 15:38 . 2010-02-24 12:46 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:46 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:46 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:46 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-05 22:19 . 2010-01-05 22:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\NeroDCTemplates
2010-01-02 06:38 . 2010-01-22 07:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:17 . 2009-12-31 18:14 6022144 ----a-w- c:\users\Jakub\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-12-30 18:31 . 2009-12-30 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 23:00 . 2009-07-19 20:54 680 ----a-w- c:\users\Jakub\AppData\Local\d3d9caps.dat
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Free Download Manager"="f:\progra~1\Free Download Manager\fdm.exe" [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,ac,55,4f,22,05,ca,01
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-06 c:\windows\Tasks\AWC Startup.job
- f:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-28 12:51]
2010-02-27 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{00FF7A09-6214-4353-9FD9-E332E29A0F80}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: seznam.cz
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 15:45
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-03-06 15:47:35
ComboFix-quarantined-files.txt 2010-03-06 14:47
ComboFix2.txt 2009-06-30 17:36
Před spuštěním: Volných bajtů: 80 098 590 720
Po spuštění: Volných bajtů: 92 170 940 416
- - End Of File - - 5D5242170A8D8BF742238FCD444A8340
Combofix1.txt ----- found nothing
Combofix2.txt
ComboFix 10-03-05.05 - Jakub 06.03.2010 15:38:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1600 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\Documents\cc_20100107_124202.reg
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 14:44 . 2010-03-06 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 13:55 . 2010-03-06 13:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 13:13 . 2010-03-06 13:13 388096 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 13:13 . 2010-03-06 13:13 -------- d-----w- c:\program files\TrendMicro
2010-02-27 16:51 . 2010-02-27 16:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\AnvSoft
2010-02-27 06:42 . 2010-02-27 06:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\PhoneRemoteControl
2010-02-27 05:36 . 2010-02-27 05:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\GTek
2010-02-26 17:33 . 2010-02-26 17:33 -------- d-----w- c:\users\Jakub\AppData\Local\WinAVI
2010-02-26 17:30 . 2010-02-26 17:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\RVM
2010-02-24 12:47 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 13:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:06 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:06 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 13:06 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 13:06 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 13:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 13:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 13:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 13:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 13:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 13:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 13:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 13:05 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:05 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 17:16 . 2010-02-07 17:16 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-07 11:48 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2010-02-07 11:47 . 2005-10-26 16:11 53248 ----a-w- c:\windows\vsnpstd3.dll
2010-02-04 17:32 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 17:32 . 2010-02-04 17:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 17:31 . 2010-02-04 17:31 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-04 17:30 . 2010-02-07 12:08 -------- d-----w- c:\programdata\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 14:35 . 2009-10-30 20:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\Free Download Manager
2010-03-06 14:23 . 2009-12-30 18:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-03-06 13:03 . 2009-12-30 18:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-03-05 20:54 . 2009-06-30 17:58 48317 ----a-w- c:\programdata\nvModes.dat
2010-03-05 17:20 . 2008-07-03 08:14 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 17:20 . 2008-07-03 08:14 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:46 . 2009-06-11 12:57 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2010-02-27 19:22 . 2010-02-27 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-27 04:22 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:42 . 2010-01-18 13:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-02-24 18:07 . 2009-06-09 21:29 108472 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-01 07:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:12 . 2009-10-03 06:02 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 12:20 . 2010-01-22 22:31 -------- d-----w- c:\program files\Bradbury
2010-02-04 17:34 . 2009-06-09 21:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 18:46 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2010-01-26 19:15 . 2010-01-26 19:15 -------- d-----w- c:\program files\TeamViewer
2010-01-23 18:44 . 2010-01-23 18:44 -------- d-----w- c:\program files\QS
2010-01-23 18:44 . 2010-01-23 18:32 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-01-22 18:13 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 07:35 . 2009-12-09 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 10:07 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-13 20:12 . 2010-01-13 20:01 -------- d-----w- c:\program files\PCNetSoftware
2010-01-07 15:07 . 2009-06-28 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:31 . 2009-11-29 21:44 -------- d-----w- c:\program files\Common Files\Real
2010-01-07 11:16 . 2010-01-07 11:16 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\programdata\eSellerate
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-06 15:38 . 2010-02-24 12:46 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:46 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:46 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:46 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-05 22:19 . 2010-01-05 22:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\NeroDCTemplates
2010-01-02 06:38 . 2010-01-22 07:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:17 . 2009-12-31 18:14 6022144 ----a-w- c:\users\Jakub\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-12-30 18:31 . 2009-12-30 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 23:00 . 2009-07-19 20:54 680 ----a-w- c:\users\Jakub\AppData\Local\d3d9caps.dat
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Free Download Manager"="f:\progra~1\Free Download Manager\fdm.exe" [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,ac,55,4f,22,05,ca,01
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-06 c:\windows\Tasks\AWC Startup.job
- f:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-28 12:51]
2010-02-27 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{00FF7A09-6214-4353-9FD9-E332E29A0F80}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: seznam.cz
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 15:45
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-03-06 15:47:35
ComboFix-quarantined-files.txt 2010-03-06 14:47
ComboFix2.txt 2009-06-30 17:36
Před spuštěním: Volných bajtů: 80 098 590 720
Po spuštění: Volných bajtů: 92 170 940 416
- - End Of File - - 5D5242170A8D8BF742238FCD444A8340
Combofix1.txt ----- found nothing
Combofix2.txt
ComboFix 10-03-05.05 - Jakub 06.03.2010 15:38:13.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1600 [GMT 1:00]
Spuštěný z: c:\users\Jakub\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jakub\Documents\cc_20100107_124202.reg
c:\windows\system32\oem13.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-06 do 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 14:44 . 2010-03-06 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-06 13:55 . 2010-03-06 13:55 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 13:13 . 2010-03-06 13:13 388096 ----a-r- c:\users\Jakub\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 13:13 . 2010-03-06 13:13 -------- d-----w- c:\program files\TrendMicro
2010-02-27 16:51 . 2010-02-27 16:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\AnvSoft
2010-02-27 06:42 . 2010-02-27 06:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\PhoneRemoteControl
2010-02-27 05:36 . 2010-02-27 05:36 -------- d-----w- c:\users\Jakub\AppData\Roaming\GTek
2010-02-26 17:33 . 2010-02-26 17:33 -------- d-----w- c:\users\Jakub\AppData\Local\WinAVI
2010-02-26 17:30 . 2010-02-26 17:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\RVM
2010-02-24 12:47 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 12:46 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 12:46 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 12:46 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 12:46 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 12:46 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 12:46 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 12:46 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 12:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 12:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 12:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-10 13:06 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 13:06 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 13:06 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 13:06 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 13:06 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 13:06 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 13:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 13:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 13:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 13:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 13:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 13:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 13:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 13:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 13:05 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 13:05 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 17:16 . 2010-02-07 17:16 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2010-02-07 11:48 . 2004-08-09 16:43 94208 ----a-w- c:\windows\amcap.exe
2010-02-07 11:47 . 2005-10-26 16:11 53248 ----a-w- c:\windows\vsnpstd3.dll
2010-02-04 17:32 . 2009-11-20 11:08 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 17:32 . 2010-02-04 17:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 17:31 . 2010-02-04 17:31 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-04 17:30 . 2010-02-07 12:08 -------- d-----w- c:\programdata\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 14:35 . 2009-10-30 20:06 -------- d-----w- c:\users\Jakub\AppData\Roaming\Free Download Manager
2010-03-06 14:23 . 2009-12-30 18:23 -------- d-----w- c:\users\Jakub\AppData\Roaming\Skype
2010-03-06 13:03 . 2009-12-30 18:31 -------- d-----w- c:\users\Jakub\AppData\Roaming\skypePM
2010-03-05 20:54 . 2009-06-30 17:58 48317 ----a-w- c:\programdata\nvModes.dat
2010-03-05 17:20 . 2008-07-03 08:14 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 17:20 . 2008-07-03 08:14 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 13:46 . 2009-06-11 12:57 -------- d-----w- c:\users\Jakub\AppData\Roaming\gtk-2.0
2010-02-27 19:22 . 2010-02-27 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-27 04:22 . 2008-07-02 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:42 . 2010-01-18 13:51 -------- d-----w- c:\users\Jakub\AppData\Roaming\Audacity
2010-02-24 18:07 . 2009-06-09 21:29 108472 ----a-w- c:\users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-01 07:49 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 14:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:12 . 2009-10-03 06:02 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 12:20 . 2010-01-22 22:31 -------- d-----w- c:\program files\Bradbury
2010-02-04 17:34 . 2009-06-09 21:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 18:46 . 2009-06-09 21:26 -------- d-----w- c:\users\Jakub\AppData\Roaming\Hewlett-Packard
2010-01-26 19:15 . 2010-01-26 19:15 -------- d-----w- c:\program files\TeamViewer
2010-01-23 18:44 . 2010-01-23 18:44 -------- d-----w- c:\program files\QS
2010-01-23 18:44 . 2010-01-23 18:32 -------- d-----w- c:\users\Jakub\AppData\Roaming\TeamViewer
2010-01-22 18:13 . 2009-06-18 20:37 737280 ----a-w- c:\windows\iun6002.exe
2010-01-22 07:35 . 2009-12-09 07:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 10:07 . 2009-06-18 20:37 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-13 20:12 . 2010-01-13 20:01 -------- d-----w- c:\program files\PCNetSoftware
2010-01-07 15:07 . 2009-06-28 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-28 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:31 . 2009-11-29 21:44 -------- d-----w- c:\program files\Common Files\Real
2010-01-07 11:16 . 2010-01-07 11:16 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\programdata\eSellerate
2010-01-07 11:16 . 2010-01-07 11:16 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-06 15:38 . 2010-02-24 12:46 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:46 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:46 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 12:46 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-05 22:19 . 2010-01-05 22:19 -------- d-----w- c:\users\Jakub\AppData\Roaming\NeroDCTemplates
2010-01-02 06:38 . 2010-01-22 07:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 18:17 . 2009-12-31 18:14 6022144 ----a-w- c:\users\Jakub\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2009-12-30 18:31 . 2009-12-30 18:31 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-15 23:00 . 2009-07-19 20:54 680 ----a-w- c:\users\Jakub\AppData\Local\d3d9caps.dat
2008-07-03 08:16 . 2008-07-03 08:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Free Download Manager"="f:\progra~1\Free Download Manager\fdm.exe" [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):44,ac,55,4f,22,05,ca,01
R3 ALSysIO;ALSysIO;c:\users\Jakub\AppData\Local\Temp\ALSysIO.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-08-06 44576]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-06 c:\windows\Tasks\AWC Startup.job
- f:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-28 12:51]
2010-02-27 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{00FF7A09-6214-4353-9FD9-E332E29A0F80}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{C870AC55-3C57-40FE-97C6-B63B1FF75B57}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: seznam.cz
TCP: {D62CDC86-5A44-4B72-984C-157995497023} = 213.155.229.197
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 15:45
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-03-06 15:47:35
ComboFix-quarantined-files.txt 2010-03-06 14:47
ComboFix2.txt 2009-06-30 17:36
Před spuštěním: Volných bajtů: 80 098 590 720
Po spuštění: Volných bajtů: 92 170 940 416
- - End Of File - - 5D5242170A8D8BF742238FCD444A8340
- Damned
Re: please check my HJT log......
Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start - Run and enter Combofix[space]/uninstall
Then download a new Combofix according to the guide, save it to the Desktop, and drag the script straight onto it.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner