Problém se samovypínáním- prosím o radu+kontrolu logu Vyřešeno

[DarthM]

Zdravím,
od včerejška mám problém s notebookem. Po zapnutí najede windows (vista) a skoro ihned se objeví i černá tabulka C:/windows/(něco) shutdown a notebook se asi po 10 vteřinách vypne.

Stáhl jsem si a nainstaloval také HiJackThis, ale po spuštění scanu se objeví nápis:
"For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HijakThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click start, run and type: notepad C:/windows/system32/drivers/etc/hosts and press enter. Find the line(s) HijackThis reports and delete them. Save the file as ´hosts.´ (with quotes), and reboot.
For Vista: Simply, exit hijack this, right click on the hijackthis icon, choose ´run as administrator´.

Po dokončení scanování se ani neuloží výpis z logu.

Nevíte prosím, co s tím? Až zjistím, jak na to, hodím sem i ten výpis.
Díky za radu.....

edit: problém s výpisem vyřešen, tady je.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:43, on 13.6.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Update ESET's licence.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: Update ESET's license.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: WOW.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 10487 bytes

[Reklama]

[skunkicz]

fixnul bysh asik

Kód: Vybrat vše

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll


btw. víš co je tohle ??? je to něco co sisi sam zapl ? pokud ne tak taky fixnout

Kód: Vybrat vše

O4 - Global Startup: WOW.bat


[DarthM]

Včera jsem pravděpodobně neúmyslně stáhl nějaký vir nebo program, který mi tam teď dělá paseku tím, že po najetí do windows se mi cca po těch 10 vteřinách objeví ta tabulka a za chvíli se notebook vypne.

Ok, tak toto všechno fix?-->>>

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - Global Startup: WOW.bat -> nevím, co by to mohlo být

[bledulka]

Ahoj, než přijde kolega

1. Nabootuj do nouzového režimu ( po restartu mačkej F8 - nouzový režim s prací v síti)



2.
Spustíš program HJT
-klikni na tlačítko Do a system scan and save a logfile
-Vyběhne tabulka, na začátku každého řádku je čtvereček.
-U řádku , který jsem označila, dáš do čtverečku
fajfku

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Update ESET's licence.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: Update ESET's license.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: WOW.bat


-nakonec zmáčkneš tlačítko Fix checked


3. Odinstaluj ten nelegální ESET a dej si něco free, třeba aviru nebo Avast. Nelegální Nod tě neochrání.



4. Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[DarthM]

Done....
zde je obsah logu z ComboFixu:

ComboFix 10-06-13.04 - DarthMapiik 14.06.2010 13:03:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1878 [GMT 2:00]
Spuštěný z: c:\users\DarthMapiik\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-14 do 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 11:08 . 2010-06-14 11:08 -------- d-----w- c:\users\DarthMapiik\AppData\Local\temp
2010-06-14 11:08 . 2010-06-14 11:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-14 11:08 . 2010-06-14 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-13 15:47 . 2010-06-13 15:47 388096 ----a-r- c:\users\DarthMapiik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-13 15:47 . 2010-06-13 15:47 -------- d-----w- c:\program files\Trend Micro
2010-06-12 18:53 . 2010-06-12 18:54 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-05-25 17:50 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 10:35 . 2008-12-12 16:22 93035 ----a-w- c:\programdata\nvModes.dat
2010-06-14 10:33 . 2008-10-09 23:19 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-12 18:59 . 2009-06-06 14:22 -------- d-----w- c:\program files\World of Warcraft
2010-06-10 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 10:34 . 2009-02-07 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 21:00 . 2009-04-12 15:42 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\BSplayer PRO
2010-06-02 16:21 . 2009-02-10 16:24 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Skype
2010-06-02 16:00 . 2008-12-25 17:06 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\skypePM
2010-05-26 17:06 . 2010-06-09 23:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-13 01:44 . 2008-08-25 16:52 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 01:44 . 2008-08-25 16:52 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-05-12 09:21 . 2009-10-02 21:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15 . 2010-06-09 23:03 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-09 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-09 23:03 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-15 16:49 . 2010-05-31 09:03 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-08 14:48 . 2010-05-31 09:03 18184 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-04-08 14:48 . 2010-05-31 09:03 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-06 15:52 . 2010-05-31 09:03 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_Launch.exe
2010-04-05 17:01 . 2010-06-09 23:03 67072 ----a-w- c:\windows\system32\asycfilt.dll
2008-12-13 16:26 . 2008-12-13 16:26 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 16:57 . 2008-08-25 16:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,5d,29,74,2f,35,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-06 721904]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-11-02 9216]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-06-10 280320]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-31 c:\windows\Tasks\HPCeeScheduleForDarthMapiik.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-25 13:14]

2010-06-13 c:\windows\Tasks\User_Feed_Synchronization-{714C6C7C-6E08-4D31-A69A-0A12806FECDD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\DarthMapiik\AppData\Roaming\Mozilla\Firefox\Profiles\qfixrn77.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 13:08
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3318421249-2765219606-1610843266-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:08,31,54,20,cd,50,63,43,10,ce,ae,8f,dd,36,c7,36,dd,80,1c,63,e7,
d9,6b,f3,20,68,82,1f,bd,de,9b,c4,43,e5,9d,66,6f,b6,6b,b3,64,44,45,cb,42,5f,\
"rkeysecu"=hex:ad,d5,33,c8,6c,09,84,4e,ab,12,58,4a,94,03,c2,8e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(804)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2010-06-14 13:11:28
ComboFix-quarantined-files.txt 2010-06-14 11:11

Před spuštěním: Volných bajtů: 129 294 700 544
Po spuštění: Volných bajtů: 129 245 532 160

- - End Of File - - 4EA549DBB1B274B49C81C21BD285FF9B

[bledulka]

Co počítač, stále se restartuje?
Prosím tě dej si vyhledat tento soubor WOW.bat, a otevři ho v notepadu, obsah vlož zde.

[DarthM]

Ne, už jsem ho restartoval a zdá se, že problémy nejsou.
btw. zkoušel jsem ten soubor WOW.bat vyhledat, ale asi už ho smazal HiJackFix, protože ho vyhledávač nenašel.

Pokud v logu z ComboFixu není nic v nepořádku, tak už to snad bude ok :)....díky moc za radu

[bledulka]

HJT maže pouze záznam v regisru, ne soubor, pokud mu k tomu nedám přímo příkaz.
Raději ho ještě najdeme, jestli nejsi proti.


StáhniSystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- ulož ho na plochu a spusť.
- do okénka zkopíruj

Kód: Vybrat vše

:filefind
WOW.bat



- klikni na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopíruješ sem

[DarthM]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:53 on 14/06/2010 by DarthMapiik (Administrator - Elevation successful)

========== filefind ==========

Searching for "WOW.bat"
No files found.

-=End Of File=-


asi nic?

[bledulka]

Není tam.

Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka

Kód: Vybrat vše

Driver::
NOD32FiXTemDono

 


-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[DarthM]

Omlouvám se za prodlevu. Nebyl jsem teď dlouho doma.

Tady je ten log..podle instrukcí.

ComboFix 10-07-07.02 - DarthMapiik 08.07.2010 17:51:44.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1844 [GMT 2:00]
Spuštěný z: c:\users\DarthMapiik\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\DarthMapiik\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NOD32FiXTemDono


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-08 do 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-07-07 20:44 . 2010-07-07 20:44 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Ubisoft
2010-07-07 20:38 . 2010-07-07 20:38 -------- d-----w- c:\programdata\Ubisoft
2010-07-07 20:25 . 2010-07-07 20:25 -------- d-----w- c:\program files\Ubisoft
2010-06-25 22:20 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 22:20 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 22:20 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 22:20 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 22:20 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 14:31 . 2010-06-24 14:31 -------- d-----w- c:\users\DarthMapiik\AppData\Local\Blizzard Entertainment
2010-06-24 01:00 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 01:00 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 14:15 . 2010-06-22 14:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-14 10:40 . 2010-06-14 10:40 -------- d-----w- c:\users\DarthMapiik\AppData\Local\ESET
2010-06-13 15:47 . 2010-06-13 15:47 -------- d-----w- c:\program files\Trend Micro
2010-06-12 18:53 . 2010-06-12 18:54 -------- d-----w- c:\programdata\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 16:01 . 2008-12-12 16:22 93035 ----a-w- c:\programdata\nvModes.dat
2010-07-08 15:59 . 2008-10-09 23:19 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-08 14:14 . 2009-02-10 16:24 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\Skype
2010-07-08 14:03 . 2008-12-25 17:06 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\skypePM
2010-07-07 20:25 . 2008-08-25 07:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-03 09:39 . 2009-10-08 12:50 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\HpUpdate
2010-06-13 15:47 . 2010-06-13 15:47 388096 ----a-r- c:\users\DarthMapiik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-12 18:59 . 2009-06-06 14:22 -------- d-----w- c:\program files\World of Warcraft
2010-06-10 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 10:34 . 2009-02-07 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-08 21:00 . 2009-04-12 15:42 -------- d-----w- c:\users\DarthMapiik\AppData\Roaming\BSplayer PRO
2010-05-26 17:06 . 2010-06-09 23:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 23:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 21:33 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-13 01:44 . 2008-08-25 16:52 602086 ----a-w- c:\windows\system32\perfh005.dat
2010-05-13 01:44 . 2008-08-25 16:52 116182 ----a-w- c:\windows\system32\perfc005.dat
2010-05-04 19:15 . 2010-06-09 23:03 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-09 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-09 23:03 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-25 17:50 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-24 01:00 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-24 01:00 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-24 01:00 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-24 01:00 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-15 16:49 . 2010-05-31 09:03 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2008-12-13 16:26 . 2008-12-13 16:26 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 16:57 . 2008-08-25 16:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]

c:\users\DarthMapiik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Assassin.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2010-7-7 967304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,5d,29,74,2f,35,ca,01

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-06-06 721904]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-06-10 280320]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-07-04 c:\windows\Tasks\HPCeeScheduleForDarthMapiik.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-25 13:14]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{714C6C7C-6E08-4D31-A69A-0A12806FECDD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\DarthMapiik\AppData\Roaming\Mozilla\Firefox\Profiles\qfixrn77.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 18:01
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3318421249-2765219606-1610843266-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:08,31,54,20,cd,50,63,43,10,ce,ae,8f,dd,36,c7,36,dd,80,1c,63,e7,
d9,6b,f3,20,68,82,1f,bd,de,9b,c4,43,e5,9d,66,6f,b6,6b,b3,64,44,45,cb,42,5f,\
"rkeysecu"=hex:ad,d5,33,c8,6c,09,84,4e,ab,12,58,4a,94,03,c2,8e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(2300)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2010-07-08 18:09:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-08 16:09
ComboFix2.txt 2010-06-14 11:11

Před spuštěním: Volných bajtů: 122 745 405 440
Po spuštění: Volných bajtů: 122 673 135 616

- - End Of File - - 09B2EF469EB5284BEA424DB1519E9D02

[jaro3]

Odinstaluj si ESET Smart Security a nainstaluj Aviru , Avast nebo AVG ( vše free)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\programdata\nvModes.dat
c:\windows\bthservsdp.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT