laptop,bezi velmi pomalu,IE samovolne vyskakujici stranky

[dimmilo]

NOD32-Java/TrojanDownloader.Agent.ABtrojsky kun-vylecen smazanim-vlozen do karanteny [1]
problemy vyse trvaji+PC se 2krat sam vypl.-jsem naprosty laik!diky

[Tom8sh16]

Dobrý den.

Klikněte v mém podpisu na RSIT a pošlete sem log

[dimmilo]

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-01-31 11:08:55
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 38 GB (27%) free of 143 GB
Total RAM: 1790 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:16 AM, on 31/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\ProgramData\LangSoft\OETRN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\Documents\Downloads\RSIT.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro prihlášení ke službe Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [OEXPRESS] C:\ProgramData\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Update ESET's license.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit pøekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Pøeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{172735A0-5E3B-455A-BA37-9E21BE0BA809}: NameServer = 93.188.162.115,93.188.161.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{A178580B-3C76-443C-B8AE-9FBD6A94A3A1}: NameServer = 93.188.162.115,93.188.161.93
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.115,93.188.161.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{172735A0-5E3B-455A-BA37-9E21BE0BA809}: NameServer = 93.188.162.115,93.188.161.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.115,93.188.161.93
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12090 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForUser.job
C:\Windows\tasks\User_Feed_Synchronization-{1C55BF7C-8793-4B24-95A7-4A92D3AB8F5E}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2009-12-26 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-09-24 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro prihlášení ke službe Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-15 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-14 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-15 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-15 256112]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2009-12-26 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-06-12 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-23 13797920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-15 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"OEXPRESS"=C:\ProgramData\LangSoft\OETRN.EXE [2009-12-26 26624]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Update ESET's license.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21d6b4f5-a654-11de-93b2-001d7264d234}]
shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ac6a7cf-9974-11de-a4d6-001d7264d234}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-31 11:08:56 ----D---- C:\Program Files\trend micro
2010-01-31 11:08:55 ----D---- C:\rsit
2010-01-31 07:44:02 ----D---- C:\Program Files\Ultimate Process Manager
2010-01-30 08:46:11 ----A---- C:\Windows\msa.exe
2010-01-22 14:14:36 ----A---- C:\Windows\system32\TURegOpt.exe
2010-01-22 14:14:32 ----A---- C:\Windows\system32\uxtuneup.dll
2010-01-22 14:14:30 ----A---- C:\Windows\system32\authuitu.dll
2010-01-22 14:13:48 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-01-21 21:28:10 ----D---- C:\Users\User\AppData\Roaming\TuneUp Software
2010-01-21 21:27:08 ----D---- C:\ProgramData\TuneUp Software
2010-01-21 21:26:26 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-21 16:19:28 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 16:19:25 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 16:19:21 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 16:19:21 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 16:19:20 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 16:19:19 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 16:19:18 ----A---- C:\Windows\system32\occache.dll
2010-01-21 16:19:18 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 16:19:15 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 16:19:14 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 16:19:14 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 16:19:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 16:19:13 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 16:19:13 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 16:19:12 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 16:19:12 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-21 16:19:11 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 16:19:11 ----A---- C:\Windows\system32\iernonce.dll
2010-01-20 16:30:32 ----D---- C:\Program Files\MC2
2010-01-19 17:45:18 ----D---- C:\Program Files\VirtualDJ
2010-01-18 21:35:12 ----D---- C:\Program Files\Lavalys
2010-01-13 14:33:21 ----D---- C:\Temp
2010-01-12 14:20:16 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 14:20:15 ----A---- C:\Windows\system32\fontsub.dll
2010-01-05 09:46:49 ----D---- C:\Program Files\MediaMonkey

======List of files/folders modified in the last 1 months======

2010-01-31 11:09:03 ----D---- C:\Windows\Temp
2010-01-31 11:08:56 ----RD---- C:\Program Files
2010-01-31 10:50:26 ----D---- C:\Users\User\AppData\Roaming\Skype
2010-01-31 10:44:42 ----D---- C:\Windows\Debug
2010-01-31 10:44:42 ----AD---- C:\WINDOWS
2010-01-31 09:38:19 ----D---- C:\Windows\System32
2010-01-31 09:38:18 ----D---- C:\Windows\inf
2010-01-31 09:38:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-31 08:52:08 ----D---- C:\Windows\system32\Tasks
2010-01-31 08:52:06 ----D---- C:\Windows\Tasks
2010-01-31 08:01:05 ----D---- C:\Users\User\AppData\Roaming\skypePM
2010-01-31 01:47:34 ----D---- C:\Windows\system32\config
2010-01-31 01:47:27 ----D---- C:\Windows\system32\spool
2010-01-31 01:47:27 ----D---- C:\Windows\system32\Msdtc
2010-01-31 01:47:27 ----D---- C:\Windows\system32\drivers
2010-01-31 01:47:27 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-31 01:47:27 ----D---- C:\Windows\system32\catroot2
2010-01-31 01:47:27 ----D---- C:\Users\User\AppData\Roaming\LangSoft
2010-01-31 01:47:25 ----D---- C:\TRANSLAT
2010-01-31 01:47:25 ----D---- C:\ProgramData\HP Product Assistant
2010-01-31 01:47:23 ----D---- C:\Windows\system32\wbem
2010-01-31 01:47:23 ----D---- C:\Windows\registration
2010-01-31 01:45:03 ----D---- C:\Windows\system32\LogFiles
2010-01-30 23:35:44 ----SHD---- C:\System Volume Information
2010-01-30 23:10:49 ----D---- C:\Program Files\VS Revo Group
2010-01-30 08:51:32 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 08:48:19 ----HD---- C:\ProgramData
2010-01-30 08:48:18 ----HD---- C:\Windows\system32\GroupPolicy
2010-01-30 08:21:07 ----D---- C:\Windows\Prefetch
2010-01-28 08:02:42 ----D---- C:\Windows\winsxs
2010-01-28 08:02:41 ----D---- C:\Program Files\Internet Explorer
2010-01-27 07:07:58 ----D---- C:\Windows\system32\catroot
2010-01-26 23:18:55 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2010-01-26 15:30:00 ----D---- C:\Program Files\PHILIPS
2010-01-26 13:40:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-25 19:13:53 ----D---- C:\Torrenty
2010-01-22 14:14:50 ----SHD---- C:\Windows\Installer
2010-01-22 12:56:33 ----SD---- C:\ProgramData\Microsoft
2010-01-22 12:48:27 ----D---- C:\Windows\system32\migration
2010-01-19 17:46:12 ----RSD---- C:\Windows\Fonts
2010-01-18 16:44:20 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2010-01-14 18:22:47 ----D---- C:\Program Files\Google
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 15:45:37 ----AD---- C:\Windows\SMINST
2010-01-13 14:08:11 ----D---- C:\ProgramData\Adobe
2010-01-13 14:08:11 ----D---- C:\Program Files\Common Files\Adobe
2010-01-13 14:08:03 ----D---- C:\Program Files\Adobe
2010-01-13 09:06:51 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 09:05:53 ----D---- C:\Program Files\Windows Mail
2010-01-09 08:45:22 ----D---- C:\Program Files\ESET
2010-01-04 19:17:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-06-05 222208]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-23 9791072]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-04-24 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 usbvideo;Zobrazovací zarízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 ahxz6qvd;ahxz6qvd; C:\Windows\system32\drivers\ahxz6qvd.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-08-11 23040]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-08-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-08-11 30208]
S3 drmkaud;Dekodér zvuku DRM jádra spolecnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-08-11 149504]
S3 samhid;samhid; C:\Windows\system32\drivers\samhid.sys [2006-01-07 7548]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\Rts5161ccid.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-23 211488]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-09 148832]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-15 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-22 435016]

-----------------EOF-----------------

[Tom8sh16]

Stahněte MBAM, nainstalujte, dejte Úplný sken. Před skenem ještě program aktualizujte.

NIC NEMAŽTE (MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu)

Log potom pošlete sem.

[dimmilo]

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

31/01/2010 7:19:18 PM
mbam-log-2010-01-31 (19-19-07).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|F:\|G:\|)
Zkontrolované objekty: 332449
Uplynulý èas: 1 hour(s), 26 minute(s), 30 second(s)

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáøe: 0
Infikované soubory: 5

Infikované procesy v pamìti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v pamìti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíèe registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáøe:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\System32\spool\prtprocs\w32x86\000011db.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\System32\spool\prtprocs\w32x86\0000278b.tmp (Trojan.FakeAlert) -> No action taken.

[dimmilo]

Dobry vecer,tak jak vidite-nevypada to nejlip
-jinak jsem chtel aktualizovat MBAM pred skenem,ale bohuzel mi to hodilo hlasku,ze nelze!- Error code:732(12007,0)
-dale Vas prosim,omluvte prodlevy v nasi komunikaci,jsem v CA,to zn.,ze jste o 6hod. napred,takze se vetsinou mijime ,tak se mnou mejte trpelivost-diky!

[Tom8sh16]

Dobré odpoledne.
V MBAM klikněte na Odstranit vše.

Potom stáhněte na plochu ComboFix.
▪ Před použitím ComboFixu je doporučeno vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
▪ Po spuštění potvrďte podmínky užití.
▪ Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujících se oken.
▪ Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem.
▪ ComboFix je třeba spustit pod účtem s právy administrátora.


Co se prodlev týče - nic se neděje

[dimmilo]

Dobry vecer -tak tady to je:


ComboFix 10-02-01.02 - User 01/02/2010 15:33:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1029.18.1790.952 [GMT -5:00]
Running from: c:\users\User\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-02-01 20:44 . 2010-02-01 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-31 22:36 . 2010-01-31 22:36 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-01-31 22:36 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 22:36 . 2010-01-31 22:36 -------- d-----w- c:\programdata\Malwarebytes
2010-01-31 22:36 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 22:36 . 2010-02-01 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 16:08 . 2010-01-31 16:09 -------- d-----w- c:\program files\trend micro
2010-01-31 16:08 . 2010-01-31 16:09 -------- d-----w- C:\rsit
2010-01-31 12:44 . 2010-01-31 12:45 -------- d-----w- c:\program files\Ultimate Process Manager
2010-01-30 13:34 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-01-30 13:03 . 2010-01-30 13:03 -------- d-----w- c:\users\User\AppData\Local\VS Revo Group
2010-01-26 20:30 . 2006-01-07 16:09 7548 ----a-w- c:\windows\system32\drivers\Samhid.sys
2010-01-22 19:14 . 2009-10-30 20:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-22 19:14 . 2009-10-30 20:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-22 19:14 . 2009-10-30 20:01 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-01-22 19:13 . 2010-01-22 19:14 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-22 02:28 . 2010-01-22 02:28 -------- d-----w- c:\users\User\AppData\Roaming\TuneUp Software
2010-01-22 02:27 . 2010-01-22 02:27 -------- d-----w- c:\programdata\TuneUp Software
2010-01-22 02:26 . 2010-01-22 02:26 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-20 21:30 . 2010-01-26 18:40 -------- d-----w- c:\program files\MC2
2010-01-19 22:45 . 2010-01-19 22:54 -------- d-----w- c:\program files\VirtualDJ
2010-01-19 02:35 . 2010-01-19 02:35 -------- d-----w- c:\program files\Lavalys
2010-01-13 19:33 . 2010-01-13 20:46 -------- d-----w- C:\Temp
2010-01-12 19:20 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 19:20 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-05 14:46 . 2010-01-28 17:00 -------- d-----w- c:\users\User\AppData\Local\MediaMonkey
2010-01-05 14:46 . 2010-01-05 14:47 -------- d-----w- c:\program files\MediaMonkey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 20:25 . 2009-09-15 17:37 49942 ----a-w- c:\windows\system32\perfh005.dat
2010-02-01 20:25 . 2009-09-15 17:37 15742 ----a-w- c:\windows\system32\perfc005.dat
2010-02-01 20:25 . 2008-08-11 10:56 672380 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-01 20:25 . 2008-08-11 10:56 127578 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-01 20:22 . 2009-10-12 20:10 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-02-01 20:17 . 2009-09-18 13:33 31776 ----a-w- c:\programdata\nvModes.dat
2010-02-01 20:16 . 2008-08-11 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-01 20:16 . 2009-09-21 02:13 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-01 17:44 . 2009-09-15 11:05 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-01-31 06:47 . 2009-09-21 02:26 -------- d-----w- c:\users\User\AppData\Roaming\LangSoft
2010-01-31 06:47 . 2009-10-15 18:39 -------- d-----w- c:\programdata\HP Product Assistant
2010-01-31 04:10 . 2009-09-15 17:55 -------- d-----w- c:\program files\VS Revo Group
2010-01-27 04:18 . 2009-09-15 20:32 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-01-26 20:30 . 2009-11-22 23:27 -------- d-----w- c:\program files\PHILIPS
2010-01-26 18:40 . 2008-08-11 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-25 14:14 . 2009-09-18 17:27 680 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-01-19 23:56 . 2009-09-04 17:24 107320 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-14 23:22 . 2009-09-15 16:15 -------- d-----w- c:\program files\Google
2010-01-14 16:12 . 2009-10-03 12:13 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 19:08 . 2009-09-04 17:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 14:06 . 2009-09-04 17:10 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 14:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-09 13:45 . 2009-09-14 23:28 -------- d-----w- c:\program files\ESET
2010-01-02 06:38 . 2010-01-21 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 21:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 21:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 21:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 21:46 . 2009-12-30 20:06 -------- d-----w- c:\programdata\Apple Computer
2009-12-30 21:46 . 2009-12-30 20:01 -------- d-----w- c:\program files\Common Files\Apple
2009-12-30 20:15 . 2009-12-30 20:11 -------- d-----w- c:\users\User\AppData\Roaming\Apple Computer
2009-12-30 20:08 . 2009-12-30 20:08 -------- d-----w- c:\program files\Bonjour
2009-12-30 20:01 . 2009-12-30 20:01 -------- d-----w- c:\programdata\Apple
2009-12-28 23:03 . 2009-12-28 23:03 -------- d-----w- c:\program files\VDOWNLOADER
2009-12-26 14:30 . 2009-10-05 13:43 520192 ----a-w- c:\programdata\LangSoft\WebIE.dll
2009-12-26 14:30 . 2009-09-21 02:47 -------- d-----w- c:\programdata\LangSoft
2009-12-26 14:30 . 2009-09-21 02:51 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2009-12-26 14:30 . 2009-09-21 02:51 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2009-12-26 14:30 . 2009-12-26 14:30 45056 ----a-w- c:\programdata\LangSoft\TRNOEH.DLL
2009-12-26 14:30 . 2009-12-26 14:30 26624 ----a-w- c:\programdata\LangSoft\OETRN.EXE
2009-12-26 14:30 . 2009-12-26 14:30 200704 ----a-w- c:\programdata\LangSoft\TRNOET.DLL
2009-12-14 18:43 . 2009-12-14 18:43 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:10 . 2009-12-13 19:10 -------- d-----w- c:\users\User\AppData\Roaming\GTek
2009-12-12 13:08 . 2009-09-04 18:24 -------- d-----w- c:\users\User\AppData\Roaming\CyberLink
2009-12-07 14:19 . 2009-09-04 17:15 -------- d-----w- c:\users\User\AppData\Roaming\Hewlett-Packard
2009-11-17 14:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-14 18:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-14 18:24 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-14 18:24 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-11 10:58 . 2008-08-11 10:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"OEXPRESS"="c:\programdata\LangSoft\OETRN.EXE" [2009-12-26 26624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Update ESET's license.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-9 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"BMIMZMHMFM"=c:\users\User\AppData\Local\Temp\Vlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b4,55,5f,1a,2b,36,ca,01

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 2:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 2:47 PM 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14/05/2009 2:49 PM 93312]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [11/08/2008 9:36 AM 361808]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 3:05 PM 1021256]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/08/2008 8:12 AM 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 2:17 PM 43040]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 7:24 AM 10064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [20/09/2009 9:09 PM 721904]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/01/2008 9:23 PM 21504]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [30/01/2010 8:34 AM 27192]
S3 samhid;samhid;c:\windows\System32\drivers\Samhid.sys [26/01/2010 3:30 PM 7548]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-11 22:14]

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{1C55BF7C-8793-4B24-95A7-4A92D3AB8F5E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: {172735A0-5E3B-455A-BA37-9E21BE0BA809} = 93.188.162.115,93.188.161.93
TCP: {A178580B-3C76-443C-B8AE-9FBD6A94A3A1} = 93.188.162.115,93.188.161.93
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k2o1gici.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 15:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x874CF8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807a0d24
\Driver\ACPI -> acpi.sys @ 0x8060ed68
\Driver\atapi -> atapi.sys @ 0x828a99b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-01 15:49:28
ComboFix-quarantined-files.txt 2010-02-01 20:49

Pre-Run: Volných bajtu: 36,389,199,872
Post-Run: Volných bajtu: 36,077,166,592

- - End Of File - - B8C5C257C3AE1BF1C3892795F07A38B7

[Tom8sh16]

Dobrý večer.

Tento soubor:
c:\windows\System32\drivers\revoflt.sys
otestujte na virustotal.com a vložte sem pouze odkaz (link) k výsledku.
Pokud se u souboru zobrazí, že už dříve byl testován, klikněte na tlačítko Otestovat soubor znovu.

(Poznámka: pokud by nějaké soubory nebyly k nalezení, přesvědčte se, zda máte zapnuté zobrazování skrytých souborů a složek, pokud ne, tak Nabídka Start -> Ovládací panely -> Možnosti složky -> Zobrazení -> Zobrazovat skryté soubory a složky -> OK)

[dimmilo]

zdravim,tak tady to je:


http://www.virustotal.com/cs/analisis/5 ... 1265147898

[Tom8sh16]

Dobré ráno.
Log vypadá OK, jaký je stav PC?

[dimmilo]

Dobre rano.

Problemy ustaly,PC bezi svizneji,stranky uz nevyskakuji takze ....co Vy na to??

[Tom8sh16]

V takovém případě myslím, že už jen dočistíme a je to vše


Na dočištění použijte T-Cleaner, viz. můj podpis.
Pro potvrzení stiskněte vždy klávesu A nebo Enter.
(Poznámka: Některé antiviry chybně tuto utilitu označují jako vir. Pokud by ho tedy antivir blokoval, vypněte ho, stáhněte a použijte T-Cleaner, a pak antivir zase zapněte).


a ještě ATF Cleaner, viz. můj podpis
Po spuštění staženého souboru se objeví okno:

Zatrhněte Select All, klikněte na Empty Selected + všechny aktivní záložky (nahoře) - Main, Firefox + Opera a pak Exit

Potom už jen restartujte PC

[dimmilo]

Zdravim.

Tak jsem vycistil a restartoval!
Pracovat pod vasim vedenim je, i pro PC-analfabeta jako jsem ja,radost a pohoda
Mnohokrat dekuji za pomoc!
Mejte se.

[Tom8sh16]

Není zač, rád jsem Vám pomohl