prosím o kontrolu

[VB]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:55, on 3.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Opera\opera.exe
C:\Users\Vojta\AppData\Local\Opera\Opera\temporary_downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSN Messanger] C:\Windows\System.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - Global Startup: JDownloader – zástupce.lnk = C:\Program Files\JDownloader\JDownloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7888 bytes

[Unlimited_Killer]

Nějakou potvůrku tam vidím.

~~~

Vložte sem log z ComboFix.

Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.

[VB]

ComboFix 10-01-02.05 - Vojta 03.01.2010 15:17:40.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3263.2294 [GMT 1:00]
Spuštěný z: c:\users\Vojta\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1802847808-766491492-1937495079-1001
c:\users\Kulzi\AppData\Roaming\inst.exe
c:\windows\system.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-03 do 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 09:28 . 2010-01-03 09:28 -------- d-----w- c:\windows\Downloaded Installations
2010-01-03 09:23 . 2010-01-03 09:23 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-03 09:23 . 2010-01-03 09:23 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-03 09:23 . 2010-01-03 09:23 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-03 09:23 . 2010-01-03 09:23 -------- d-----w- c:\program files\Sony Ericsson
2010-01-01 19:30 . 2010-01-01 19:30 -------- d-----w- c:\program files\free-downloads.net
2010-01-01 19:30 . 2010-01-01 19:30 -------- d-----w- c:\program files\Conduit
2010-01-01 18:32 . 2010-01-01 18:32 -------- d-----w- c:\users\Vojta\AppData\Roaming\NeroDigital(TM)
2010-01-01 14:35 . 2010-01-01 14:35 -------- d-----w- c:\users\Vojta\AppData\Local\Diagnostics
2009-12-30 20:56 . 2009-12-30 20:56 -------- d-----w- c:\users\Vojta\AppData\Local\HandBrake
2009-12-30 20:56 . 2009-12-30 20:56 -------- d-----w- c:\users\Vojta\AppData\Roaming\HandBrake
2009-12-30 20:51 . 2009-12-30 20:51 -------- d-----w- c:\program files\Handbrake
2009-12-28 12:05 . 2009-12-28 12:05 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-28 11:57 . 2009-12-28 11:57 -------- d-----w- c:\users\Vojta\AppData\Local\ElevatedDiagnostics
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\users\Vojta\AppData\Roaming\DriverCure
2009-12-28 11:51 . 2009-12-28 12:06 -------- d-----w- c:\programdata\DriverCure
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\programdata\ParetoLogic
2009-12-25 08:23 . 2009-12-25 08:23 -------- d-----w- c:\program files\GameHi_USA
2009-12-23 04:54 . 2008-12-04 10:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2009-12-23 04:54 . 2008-09-17 13:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2009-12-19 23:03 . 2009-12-19 23:03 -------- d-----w- c:\program files\FireStarter Gaming
2009-12-19 23:02 . 2009-12-19 23:02 -------- d-----w- c:\users\Kulzi\AppData\Local\ESET
2009-12-19 22:10 . 2009-12-19 22:10 -------- d-----w- c:\users\Kulzi\AppData\Local\Blizzard Entertainment
2009-12-19 22:08 . 2009-12-19 22:08 -------- d-----w- c:\users\Public\Games
2009-12-13 07:50 . 2009-12-13 07:50 -------- d-----w- c:\users\Vojta\AppData\Local\ESET
2009-12-11 22:45 . 2009-12-11 22:45 -------- d-----w- c:\users\Kulzi\AppData\Local\Diagnostics

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 14:15 . 2009-11-12 15:47 -------- d-----w- c:\users\Vojta\AppData\Roaming\uTorrent
2010-01-03 14:15 . 2009-11-02 14:08 -------- d-----w- c:\users\Vojta\AppData\Roaming\Skype
2010-01-03 13:36 . 2009-11-07 11:14 -------- d-----w- c:\users\Vojta\AppData\Roaming\Vso
2010-01-03 12:03 . 2009-11-02 14:09 -------- d-----w- c:\users\Vojta\AppData\Roaming\skypePM
2010-01-03 10:30 . 2009-11-02 16:35 -------- d-----w- c:\program files\JDownloader
2010-01-03 10:22 . 2009-11-03 20:24 -------- d-----w- c:\users\Vojta\AppData\Roaming\Any Video Converter Professional
2010-01-03 09:34 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-01-03 09:34 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-01-03 09:32 . 2010-01-03 09:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-01-01 18:42 . 2009-11-11 16:55 -------- d-----w- c:\program files\MKVtoolnix
2010-01-01 03:18 . 2009-11-03 17:57 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Skype
2009-12-31 23:02 . 2009-11-19 17:48 -------- d-----w- c:\users\Kulzi\AppData\Roaming\skypePM
2009-12-31 09:23 . 2009-11-15 17:57 -------- d-----w- c:\users\Vojta\AppData\Roaming\NeroDCTemplates
2009-12-25 08:23 . 2009-11-03 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 22:21 . 2009-11-08 18:15 -------- d-----w- c:\users\Kulzi\AppData\Roaming\uTorrent
2009-12-23 04:54 . 2009-12-23 04:53 -------- d--h--w- c:\program files\Temp
2009-12-23 04:53 . 2009-12-23 04:53 -------- d-----w- c:\program files\Realtek
2009-12-21 09:07 . 2009-11-02 10:24 -------- d-----w- c:\program files\Java
2009-12-17 20:44 . 2009-11-22 10:40 -------- d-----w- c:\users\Vojta\AppData\Roaming\ICQ
2009-12-12 12:22 . 2009-11-02 13:41 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-11 22:41 . 2009-11-03 17:58 108824 ----a-w- c:\users\Kulzi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 22:14 . 2009-11-07 10:59 -------- d-----w- c:\program files\Seznam.cz
2009-12-10 12:30 . 2009-11-02 10:10 108824 ----a-w- c:\users\Vojta\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-09 15:28 . 2009-11-02 10:48 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 08:51 . 2009-11-03 05:49 -------- d-----w- c:\programdata\CanonIJPLM
2009-12-06 12:49 . 2009-11-05 16:16 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer Pro
2009-12-06 09:46 . 2009-11-05 16:16 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer
2009-12-03 17:13 . 2009-11-02 09:56 -------- d-----w- c:\program files\PowerArchiver
2009-12-01 06:19 . 2009-12-01 06:19 -------- d-----w- c:\program files\LS
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 16:44 . 2009-11-25 16:44 -------- d-----w- c:\users\Kulzi\AppData\Roaming\DAEMON Tools Lite
2009-11-23 15:36 . 2009-11-02 08:16 -------- d-----w- c:\program files\Opera
2009-11-23 08:45 . 2009-11-23 08:45 -------- d-----w- c:\program files\Microsoft Flight Simulator X
2009-11-20 15:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-11-20 04:28 . 2009-11-20 04:28 -------- d-----w- c:\program files\Alcohol Soft
2009-11-15 17:30 . 2009-11-02 10:36 -------- d-----w- c:\users\Vojta\AppData\Roaming\Nero
2009-11-15 16:20 . 2009-11-15 16:20 -------- d-----w- c:\program files\Activision
2009-11-15 15:39 . 2009-11-15 15:39 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-11-14 12:51 . 2009-11-14 12:50 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-14 12:50 . 2009-11-02 15:00 -------- d-----w- c:\programdata\TuneUp Software
2009-11-12 17:57 . 2009-11-12 17:58 53319 ----a-w- c:\programdata\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-11-12 17:57 . 2009-11-05 17:03 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-12 17:57 . 2009-11-02 10:04 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-12 17:57 . 2009-11-02 10:04 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-12 16:30 . 2009-11-12 16:30 -------- d-----w- c:\program files\uTorrent
2009-11-10 16:34 . 2009-11-10 11:47 -------- d-----w- c:\programdata\NOS
2009-11-10 12:08 . 2009-11-02 10:25 -------- d-----w- c:\programdata\Nero
2009-11-10 11:47 . 2009-11-10 11:47 -------- d-----w- c:\program files\NOS
2009-11-09 15:42 . 2009-11-09 15:42 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Canon
2009-11-09 06:15 . 2009-11-09 06:15 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-08 18:29 . 2009-11-08 18:20 -------- d-----w- c:\program files\Ask.com
2009-11-08 18:15 . 2009-11-08 16:48 -------- d-----w- c:\programdata\Electronic Arts
2009-11-08 16:48 . 2009-11-02 16:46 -------- d-----w- c:\program files\Electronic Arts
2009-11-08 16:48 . 2009-11-08 16:48 5272 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-08 10:52 . 2009-11-08 10:52 -------- d-----w- c:\program files\Bethesda Softworks
2009-11-08 10:50 . 2009-11-03 05:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-07 17:51 . 2009-11-07 17:51 -------- d-----w- c:\users\Vojta\AppData\Roaming\Canon
2009-11-07 12:00 . 2009-11-07 11:06 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Vso
2009-11-07 11:33 . 2009-11-07 11:33 -------- d-----w- c:\programdata\vsosdk
2009-11-07 11:06 . 2009-11-07 11:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-07 11:06 . 2009-11-07 11:06 47360 ----a-w- c:\users\Kulzi\AppData\Roaming\pcouffin.sys
2009-11-07 11:06 . 2009-11-07 11:06 47360 ----a-w- c:\users\Kulzi\AppData\Roaming\pcouffin.sys
2009-11-07 11:06 . 2009-11-07 11:06 -------- d-----w- c:\program files\VSO
2009-11-07 10:41 . 2009-11-06 12:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-07 10:37 . 2009-11-07 10:37 -------- d-----w- c:\users\Kulzi\AppData\Roaming\DivX
2009-11-07 10:37 . 2009-11-04 21:08 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Nero
2009-11-06 12:18 . 2009-11-06 12:18 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-05 17:07 . 2009-11-05 17:06 -------- d-----w- c:\programdata\CyberLink
2009-11-05 17:07 . 2009-11-05 17:07 -------- d-----w- c:\users\Vojta\AppData\Roaming\CyberLink
2009-11-05 17:06 . 2009-11-05 17:04 -------- d-----w- c:\program files\CyberLink
2009-11-05 17:05 . 2009-11-05 17:05 -------- d-----w- c:\program files\Common Files\CyberLink
2009-11-05 17:03 . 2009-11-05 17:03 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-05 16:28 . 2009-11-04 17:17 -------- d-----w- c:\program files\Webteh
2009-11-05 05:27 . 2009-11-05 05:25 -------- d-----w- c:\programdata\Norton
2009-11-05 05:26 . 2009-11-05 05:25 -------- d-----w- c:\programdata\Symantec
2009-11-05 05:25 . 2009-11-05 05:25 -------- d-----w- c:\programdata\NortonInstaller
2009-11-04 20:16 . 2009-11-04 20:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-04 20:16 . 2009-11-04 20:16 38208 ----a-w- c:\users\Kulzi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-04 20:16 . 2009-11-04 20:16 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-04 20:15 . 2009-11-04 20:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 17:20 . 2009-11-04 17:17 -------- d-----w- c:\users\Kulzi\AppData\Roaming\BSplayer
2009-11-04 17:17 . 2009-11-04 17:17 -------- d-----w- c:\users\Kulzi\AppData\Roaming\BSplayer Pro
2009-11-04 15:26 . 2009-11-04 15:20 9015296 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Clover.tls.dll
2009-11-04 15:21 . 2009-11-04 15:21 10743808 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\RockSugar.tls.dll
2009-11-02 19:42 . 2009-11-02 08:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:09 . 2009-11-02 14:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 13:42 . 2009-11-02 13:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-29 19:43 . 2009-11-14 12:51 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-29 19:38 . 2009-11-14 12:51 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-10-29 19:38 . 2009-11-14 12:51 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-29 07:22 . 2009-11-26 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 18:00 . 2009-11-02 10:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-11 03:17 . 2009-11-02 10:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-10 10:47 2079256 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-11-12 289072]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-11-02 448664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
JDownloader - z stupce.lnk - c:\program files\JDownloader\JDownloader.exe [2009-10-26 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/05 18:05];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 16:59 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [9.4.2009 15:21 38240]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [3.11.2009 18:54 222968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [29.10.2009 20:41 1021256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1.3.2009 23:05 139776]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2.11.2009 14:38 691696]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [3.1.2010 10:23 13224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-01-03 15:24:33
ComboFix-quarantined-files.txt 2010-01-03 14:24

Před spuštěním: Volných bajtů: 36 294 791 168
Po spuštění: Volných bajtů: 79 298 490 368

- - End Of File - - 1E0ACD3F3D7E24F2EB1C11D61292E6C5

[Unlimited_Killer]

Omlouvám se za zpoždění, začala mi škola.

~~~

Otevřete si Poznámkový blok a zkopírujte do něj

Kód: Vybrat vše

KillAll::

Folder::
C:\Program Files\free-downloads.net
C:\Program Files\Ask.com
C:\Program Files\ICQ6Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"SSBkgdUpdate"=-
"Adobe Reader Speed Launcher"=-

Driver::
ICQ Service

uložte to na Plochu jako CFScript.txt Pak jej myší přetáhněte nad ComboFix (!musí být na Ploše!) a pusťte.



ComboFix vykoná příkazy ze skriptu, PC může být opět restartován.
Po skončení mi sem dejte log, který na Vás po dočistění vybafne.

[VB]

ComboFix 10-01-02.05 - Vojta 05.01.2010 15:22:45.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3263.2694 [GMT 1:00]
Spuštěný z: c:\users\Vojta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vojta\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\free-downloads.net
c:\program files\free-downloads.net\free-downloads.netToolbarHelper.exe
c:\program files\free-downloads.net\INSTALL.LOG
c:\program files\free-downloads.net\tbfree.dll
c:\program files\free-downloads.net\toolbar.cfg
c:\program files\free-downloads.net\UNWISE.EXE
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-05 do 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:29 . 2010-01-05 14:29 -------- d-----w- C:\Device
2010-01-05 14:28 . 2010-01-05 14:30 -------- d-----w- c:\users\Vojta\AppData\Local\temp
2010-01-05 14:28 . 2010-01-05 14:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-05 14:28 . 2010-01-05 14:28 -------- d-----w- c:\users\Kulzi\AppData\Local\temp
2010-01-03 09:28 . 2010-01-03 09:28 -------- d-----w- c:\windows\Downloaded Installations
2010-01-03 09:23 . 2010-01-03 09:23 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-03 09:23 . 2010-01-03 09:23 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-03 09:23 . 2010-01-03 09:23 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-03 09:23 . 2010-01-03 09:23 -------- d-----w- c:\program files\Sony Ericsson
2010-01-01 19:30 . 2010-01-01 19:30 -------- d-----w- c:\program files\Conduit
2010-01-01 18:32 . 2010-01-01 18:32 -------- d-----w- c:\users\Vojta\AppData\Roaming\NeroDigital(TM)
2010-01-01 14:35 . 2010-01-01 14:35 -------- d-----w- c:\users\Vojta\AppData\Local\Diagnostics
2009-12-30 20:56 . 2009-12-30 20:56 -------- d-----w- c:\users\Vojta\AppData\Local\HandBrake
2009-12-30 20:56 . 2009-12-30 20:56 -------- d-----w- c:\users\Vojta\AppData\Roaming\HandBrake
2009-12-30 20:51 . 2009-12-30 20:51 -------- d-----w- c:\program files\Handbrake
2009-12-28 12:05 . 2009-12-28 12:05 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-28 11:57 . 2009-12-28 11:57 -------- d-----w- c:\users\Vojta\AppData\Local\ElevatedDiagnostics
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\users\Vojta\AppData\Roaming\DriverCure
2009-12-28 11:51 . 2009-12-28 12:06 -------- d-----w- c:\programdata\DriverCure
2009-12-28 11:51 . 2009-12-28 11:51 -------- d-----w- c:\programdata\ParetoLogic
2009-12-25 08:23 . 2009-12-25 08:23 -------- d-----w- c:\program files\GameHi_USA
2009-12-23 04:54 . 2008-12-04 10:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2009-12-23 04:54 . 2008-09-17 13:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2009-12-19 23:03 . 2009-12-19 23:03 -------- d-----w- c:\program files\FireStarter Gaming
2009-12-19 23:02 . 2009-12-19 23:02 -------- d-----w- c:\users\Kulzi\AppData\Local\ESET
2009-12-19 22:10 . 2009-12-19 22:10 -------- d-----w- c:\users\Kulzi\AppData\Local\Blizzard Entertainment
2009-12-19 22:08 . 2009-12-19 22:08 -------- d-----w- c:\users\Public\Games
2009-12-13 07:50 . 2009-12-13 07:50 -------- d-----w- c:\users\Vojta\AppData\Local\ESET
2009-12-11 22:45 . 2009-12-11 22:45 -------- d-----w- c:\users\Kulzi\AppData\Local\Diagnostics

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 14:31 . 2009-11-02 16:35 -------- d-----w- c:\program files\JDownloader
2010-01-05 14:20 . 2009-11-12 15:47 -------- d-----w- c:\users\Vojta\AppData\Roaming\uTorrent
2010-01-05 14:15 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-01-05 14:15 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-01-04 22:18 . 2009-11-03 17:57 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Skype
2010-01-04 20:11 . 2009-11-02 14:08 -------- d-----w- c:\users\Vojta\AppData\Roaming\Skype
2010-01-04 17:55 . 2009-11-02 14:09 -------- d-----w- c:\users\Vojta\AppData\Roaming\skypePM
2010-01-04 17:25 . 2009-11-19 17:48 -------- d-----w- c:\users\Kulzi\AppData\Roaming\skypePM
2010-01-04 14:49 . 2009-11-02 10:36 -------- d-----w- c:\programdata\LightScribe
2010-01-03 15:57 . 2009-11-07 11:14 -------- d-----w- c:\users\Vojta\AppData\Roaming\Vso
2010-01-03 10:22 . 2009-11-03 20:24 -------- d-----w- c:\users\Vojta\AppData\Roaming\Any Video Converter Professional
2010-01-03 09:32 . 2010-01-03 09:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-01-01 18:42 . 2009-11-11 16:55 -------- d-----w- c:\program files\MKVtoolnix
2009-12-31 09:23 . 2009-11-15 17:57 -------- d-----w- c:\users\Vojta\AppData\Roaming\NeroDCTemplates
2009-12-25 08:23 . 2009-11-03 17:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 22:21 . 2009-11-08 18:15 -------- d-----w- c:\users\Kulzi\AppData\Roaming\uTorrent
2009-12-23 04:54 . 2009-12-23 04:53 -------- d--h--w- c:\program files\Temp
2009-12-23 04:53 . 2009-12-23 04:53 -------- d-----w- c:\program files\Realtek
2009-12-21 09:07 . 2009-11-02 10:24 -------- d-----w- c:\program files\Java
2009-12-17 20:44 . 2009-11-22 10:40 -------- d-----w- c:\users\Vojta\AppData\Roaming\ICQ
2009-12-12 12:22 . 2009-11-02 13:41 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-11 22:41 . 2009-11-03 17:58 108824 ----a-w- c:\users\Kulzi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 22:14 . 2009-11-07 10:59 -------- d-----w- c:\program files\Seznam.cz
2009-12-10 12:30 . 2009-11-02 10:10 108824 ----a-w- c:\users\Vojta\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-09 15:28 . 2009-11-02 10:48 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 08:51 . 2009-11-03 05:49 -------- d-----w- c:\programdata\CanonIJPLM
2009-12-06 12:49 . 2009-11-05 16:16 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer Pro
2009-12-06 09:46 . 2009-11-05 16:16 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer
2009-12-03 17:13 . 2009-11-02 09:56 -------- d-----w- c:\program files\PowerArchiver
2009-12-01 06:19 . 2009-12-01 06:19 -------- d-----w- c:\program files\LS
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-25 16:44 . 2009-11-25 16:44 -------- d-----w- c:\users\Kulzi\AppData\Roaming\DAEMON Tools Lite
2009-11-23 15:36 . 2009-11-02 08:16 -------- d-----w- c:\program files\Opera
2009-11-23 08:45 . 2009-11-23 08:45 -------- d-----w- c:\program files\Microsoft Flight Simulator X
2009-11-20 15:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-11-20 04:28 . 2009-11-20 04:28 -------- d-----w- c:\program files\Alcohol Soft
2009-11-15 17:30 . 2009-11-02 10:36 -------- d-----w- c:\users\Vojta\AppData\Roaming\Nero
2009-11-15 16:20 . 2009-11-15 16:20 -------- d-----w- c:\program files\Activision
2009-11-15 15:39 . 2009-11-15 15:39 -------- d-----w- c:\program files\Call of Duty Modern Warfare 2
2009-11-14 12:51 . 2009-11-14 12:50 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-14 12:50 . 2009-11-02 15:00 -------- d-----w- c:\programdata\TuneUp Software
2009-11-12 17:57 . 2009-11-12 17:58 53319 ----a-w- c:\programdata\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2009-11-12 17:57 . 2009-11-05 17:03 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-12 17:57 . 2009-11-02 10:04 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-12 17:57 . 2009-11-02 10:04 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-12 16:30 . 2009-11-12 16:30 -------- d-----w- c:\program files\uTorrent
2009-11-10 16:34 . 2009-11-10 11:47 -------- d-----w- c:\programdata\NOS
2009-11-10 12:08 . 2009-11-02 10:25 -------- d-----w- c:\programdata\Nero
2009-11-10 11:47 . 2009-11-10 11:47 -------- d-----w- c:\program files\NOS
2009-11-09 15:42 . 2009-11-09 15:42 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Canon
2009-11-09 06:15 . 2009-11-09 06:15 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-11-08 18:15 . 2009-11-08 16:48 -------- d-----w- c:\programdata\Electronic Arts
2009-11-08 16:48 . 2009-11-02 16:46 -------- d-----w- c:\program files\Electronic Arts
2009-11-08 16:48 . 2009-11-08 16:48 5272 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-08 10:52 . 2009-11-08 10:52 -------- d-----w- c:\program files\Bethesda Softworks
2009-11-08 10:50 . 2009-11-03 05:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-07 17:51 . 2009-11-07 17:51 -------- d-----w- c:\users\Vojta\AppData\Roaming\Canon
2009-11-07 12:00 . 2009-11-07 11:06 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Vso
2009-11-07 11:33 . 2009-11-07 11:33 -------- d-----w- c:\programdata\vsosdk
2009-11-07 11:06 . 2009-11-07 11:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-07 11:06 . 2009-11-07 11:06 47360 ----a-w- c:\users\Kulzi\AppData\Roaming\pcouffin.sys
2009-11-07 11:06 . 2009-11-07 11:06 47360 ----a-w- c:\users\Kulzi\AppData\Roaming\pcouffin.sys
2009-11-07 11:06 . 2009-11-07 11:06 -------- d-----w- c:\program files\VSO
2009-11-07 10:41 . 2009-11-06 12:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-07 10:37 . 2009-11-07 10:37 -------- d-----w- c:\users\Kulzi\AppData\Roaming\DivX
2009-11-07 10:37 . 2009-11-04 21:08 -------- d-----w- c:\users\Kulzi\AppData\Roaming\Nero
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-05 17:03 . 2009-11-05 17:03 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-11-04 20:16 . 2009-11-04 20:16 38208 ----a-w- c:\users\Kulzi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-04 20:16 . 2009-11-04 20:16 38208 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-04 15:26 . 2009-11-04 15:20 9015296 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Clover.tls.dll
2009-11-04 15:21 . 2009-11-04 15:21 10743808 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\RockSugar.tls.dll
2009-11-02 19:42 . 2009-11-02 08:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 14:09 . 2009-11-02 14:09 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 13:42 . 2009-11-02 13:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-29 19:43 . 2009-11-14 12:51 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-29 19:38 . 2009-11-14 12:51 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-10-29 19:38 . 2009-11-14 12:51 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-29 07:22 . 2009-11-26 02:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 18:00 . 2009-11-02 10:04 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-11 03:17 . 2009-11-02 10:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-11-12 289072]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-11-02 448664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
JDownloader - z stupce.lnk - c:\program files\JDownloader\JDownloader.exe [2009-10-26 214528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/05 18:05];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 16:59 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [9.4.2009 15:21 38240]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [29.10.2009 20:41 1021256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1.3.2009 23:05 139776]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [3.1.2010 10:23 13224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-free-downloads.net Toolbar - c:\progra~1\FREE-D~1.NET\UNWISE.EXE
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8579F1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x8dc05d96
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-01-05 15:32:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-05 14:32
ComboFix2.txt 2010-01-03 14:24

Před spuštěním: Volných bajtů: 74 611 437 568
Po spuštění: Volných bajtů: 74 190 340 096

- - End Of File - - E889107AD609CA7441CDE977A5FF7F22

[Unlimited_Killer]

Poprosím o nový RSIT log.

[VB]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:42, on 6.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Vojta\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - Global Startup: JDownloader – zástupce.lnk = C:\Program Files\JDownloader\JDownloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6522 bytes

[Unlimited_Killer]

Vidím tam pouze pár věcí na fixnutí. Už to bude snad vše.
A můžeme zksuit ještě MBAM (pro jistotu).

~~~

Spusťte přejmenované HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Klikněte na 'Do a system scan only'.
U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

Pokud by tam nějaká položka nebyla, vynechte ji.

~~~

Odinstalujte ComboFix
Start >> Spustit >> vkopírujte do okénka:

Kód: Vybrat vše

ComboFix /Uninstall

>> stiskněte Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.

~~~

Spusťte opět OTM, ale tentokrát klikněte na 'CleanUp!' [vizte obrázek].


~~~

Stáhněte MBAM a postupujte podle popisu. Zatím nic nemažte, MBAM má občas falešné detekce.
Potom mi sem vložte log.

~~~

Zkuste pročistit PC CCleanerem.
Nainstalujte, jen dávejte pozor a při instalaci odfajfkujte položku Instalovat Yahoo! Toolbar.
Spusťte.

Záložka Čistič -> nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.

Záložka Registry > klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.

CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

~~~

Po těchto mým 'zákrocích' Vám nebudou fungovat automatické aktualizace například Javy (spouštěly se zbytečně hned po startu systému a zatěžovaly RAM).
Proto doporučuji stáhnout si prográmek jménem FileHippo Update Checker, který stačit jednou týdně spustit a přehledně Vám zobrazí, který software je neaktuální.

[VB]

Malwarebytes' Anti-Malware 1.43
Verze databáze: 3501
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6.1.2010 17:09:34
mbam-log-2010-01-06 (17-09-34).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 120479
Uplynulý čas: 2 minute(s), 59 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Unlimited_Killer]

Super - teď ten zbytek a poté úplně nový log RSIT. A spusťte ho v Režimu kompatibility s Windows XP.

~~~

Stáhněte a uložte na Plochu RSIT.
Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
(pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt).
Obsah tohoto logu vložte do svého příspěvku.

[VB]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:54, on 6.1.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - Global Startup: JDownloader – zástupce.lnk = C:\Program Files\JDownloader\JDownloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6354 bytes

[Unlimited_Killer]

Dobře nyní odinstalujte Ask Toolbar.
Jinak ten UpdateChecker se nemusí spouštět po startu - mírně brzdí PC, takže ho spouštějte +- jednou za týden. Teď Vám ho odstraním z položek po startu.
Jinak RSIT jste asi nevytvořil - jen HijackThis. Ale nevadí.

~~~

Spusťte Poznámkový blok [Start > Spustit > notepad > Enter].
Do něho vkopírujte následující text:

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"=-

Uložte například na Plochu jako oprava.reg [viz obrázek] a dvojklikem spusťte.

Poté restartujte PC.

~~~

To je už vše. Díky za spolupráci a doufám, že se opět někdy uvidíme.

[VB]

Mockrát děkuji a přeji hodně úspěchů ve škole.

[Unlimited_Killer]

Není zač.