Cannot start antivirus or IE

#1 Post by Tai1Gunner »

Hi, please help, I have a problem: I can't start IE or the antivirus, and when I try to reinstall it, it says "The ESET service (ekrn) cannot be started. Make sure you have sufficient privileges to start system services".

Here is the log from ComboFix:

ComboFix 11-06-22.03 - Lada 23.06.2011 10:50:50.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2048.903 [GMT 2:00]
Spuštěný z: c:\users\Lada\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-23 do 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 09:02 . 2011-06-23 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 10:57 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F49F1C9F-B20F-4C77-B173-D5D2F6AE7446}\mpengine.dll
2011-06-19 11:59 . 2011-06-22 11:28 -------- d-----w- C:\8ffc7fd40e86cbff785c20b3ceff0383
2011-06-16 08:11 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 08:11 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 08:11 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 08:09 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:08 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 08:08 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 08:08 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:08 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 08:08 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:08 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:08 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:08 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:08 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:08 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-10 08:14 . 2011-06-10 08:14 -------- d-----w- c:\users\Lada\AppData\Local\Apple Computer
2011-06-10 08:14 . 2011-06-10 08:15 -------- d-----w- c:\users\Lada\AppData\Roaming\Apple Computer
2011-06-10 08:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-10 08:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-10 08:12 . 2011-06-10 08:12 -------- d-----w- c:\program files\iPod
2011-06-10 08:12 . 2011-06-10 08:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-10 08:12 . 2011-06-10 08:13 -------- d-----w- c:\program files\iTunes
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-06-10 08:10 . 2011-06-10 08:10 -------- d-----w- c:\program files\QuickTime
2011-06-10 08:10 . 2011-06-10 08:12 -------- d-----w- c:\programdata\Apple Computer
2011-06-10 08:10 . 2011-06-10 08:10 -------- d-----w- c:\users\Lada\AppData\Local\Apple
2011-06-10 08:10 . 2011-06-10 08:10 -------- d-----w- c:\program files\Apple Software Update
2011-06-10 08:09 . 2011-06-10 08:09 -------- d-----w- c:\program files\Bonjour
2011-06-10 08:09 . 2011-06-10 08:12 -------- d-----w- c:\program files\Common Files\Apple
2011-06-10 08:09 . 2011-06-10 08:09 -------- d-----w- c:\programdata\Apple
2011-06-09 16:05 . 2011-06-09 16:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 18:37 . 2011-06-02 18:37 -------- d-----w- c:\users\Lada\AppData\Local\CrashRpt
2011-06-02 11:54 . 2011-06-02 11:54 -------- d-----w- c:\users\Lada\AppData\Local\The Witcher 2
2011-06-02 10:36 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-06-02 10:36 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-06-02 10:36 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-06-02 10:36 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-06-02 10:36 . 2011-06-02 18:38 -------- d--h--w- c:\windows\msdownld.tmp
2011-05-24 15:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-10-01 20:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 18:49 . 2011-05-22 18:49 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-22 18:49 . 2011-05-22 18:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-22 18:49 . 2011-05-22 18:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-22 18:49 . 2011-05-22 18:49 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-22 18:49 . 2011-05-22 18:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-22 18:49 . 2011-05-22 18:49 367104 ----a-w- c:\windows\system32\html.iec
2011-05-22 18:49 . 2011-05-22 18:49 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-22 18:49 . 2011-05-22 18:49 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-22 18:49 . 2011-05-22 18:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-22 18:49 . 2011-05-22 18:49 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-22 18:49 . 2011-05-22 18:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-22 18:49 . 2011-05-22 18:49 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-22 18:49 . 2011-05-22 18:49 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-22 18:49 . 2011-05-22 18:49 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-22 18:49 . 2011-05-22 18:49 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-22 18:49 . 2011-05-22 18:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-22 18:49 . 2011-05-22 18:49 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-22 18:49 . 2011-05-22 18:49 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-22 18:49 . 2011-05-22 18:49 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-22 18:48 . 2011-05-22 18:48 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-05-22 18:48 . 2011-05-22 18:48 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-22 18:48 . 2011-05-22 18:48 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-22 18:48 . 2011-05-22 18:48 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-22 18:48 . 2011-05-22 18:48 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-22 18:48 . 2011-05-22 18:48 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-22 18:48 . 2011-05-22 18:48 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-05-22 18:48 . 2011-05-22 18:48 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-22 18:48 . 2011-05-22 18:48 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-05-22 18:48 . 2011-05-22 18:48 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-05-22 18:48 . 2011-05-22 18:48 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-22 18:48 . 2011-05-22 18:48 107520 ----a-w- c:\windows\system32\cdd.dll
2011-05-22 18:48 . 2011-05-22 18:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-22 18:48 . 2011-05-22 18:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-22 18:48 . 2011-05-22 18:48 3181568 ----a-w- c:\windows\system32\mf.dll
2011-05-22 18:48 . 2011-05-22 18:48 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-02 10:01 . 2011-05-02 10:01 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-05-02 10:01 . 2011-05-02 10:01 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-04-09 06:13 . 2011-05-11 18:09 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:09 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-08 15:36 . 2011-04-08 15:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 08:55 . 2011-04-06 08:51 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-04-06 08:55 . 2011-04-06 08:51 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-03-26 14:02 . 2011-03-26 14:02 53723 ----a-w- c:\windows\system32\cmonywbmlrkt.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 143360]
"chromium"="c:\users\Lada\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-06-13 1011768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-15 24576]
"V0270Mon.exe"="c:\windows\V0270Mon.exe" [2006-09-26 32768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 AutoPower;Auto Power-on;c:\program files\Auto Power-on\AutoPower.exe [2005-07-25 544768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2002-01-12 3567]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2008-09-12 107008]
R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\DRIVERS\V0270Dev.sys [2006-10-16 225632]
R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\DRIVERS\V0270VFx.sys [2006-06-19 6912]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-02 691696]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422347328-4078365919-150872135-1000Core.job
- c:\users\Lada\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:03]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422347328-4078365919-150872135-1000UA.job
- c:\users\Lada\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{E4CA1BA8-67C9-1AC7-213C-5FC6C9BB7144} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-hxglyacyzetywxfct - c:\windows\system32\xnaugydgjnmpbpqa.dll
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2422347328-4078365919-150872135-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,a3,a6,7b,cc,dc,5f,26,81,d0,43,d2,9c,4d,1c,bd,86,c5,22,2e,22,ae,30,
0b,19,c8,ec,23,d8,58,42,6a,0f,eb,6f,9f,67,9d,1b,4e,12,1c,f4,33,20,5d,f0,cc,\
"??"=hex:dd,fb,e2,9c,8e,01,c2,67,2f,5f,2b,e3,d4,64,80,f8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-23 11:11:42
ComboFix-quarantined-files.txt 2011-06-23 09:11
.
Před spuštěním: Volných bajtů: 41 300 029 440
Po spuštění: Volných bajtů: 41 176 879 104
.
- - End Of File - - 75994FE5A97518D7D6A456DAF9F0FFD5

#2 Post by Roli »

Hello, are you aware that ComboFix is not a child's toy?

Well, what's done is done, but before we continue, this:

c:\windows\system32\cmonywbmlrkt.exe

test it on VIRUSTOTAL

(after the page loads, click the Browse button, find the path to the file mentioned above and click the Send file button;

it takes about ten minutes, then copy the link here for me, that is the line at the top of the browser)

If it says the file has already been tested, have it tested again.

#3 Post by Tai1Gunner »

Thanks for the reply. Yes, I know ComboFix is a powerful tool, but I read about it on other sites and used it according to the instructions given there.

Anyway, I had that file scanned and here is the result:

http://www.virustotal.com/file-scan/rep ... 1308825465

#4 Post by Roli »

There you go, it's junk just as I thought, so we'll be deleting.

If you haven't done so yet, move ComboFix to the desktop

open Notepad

copy the script from the following box into it:

Code:

File::
c:\windows\system32\cmonywbmlrkt.exe

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will pop out; copy it here

Warning: it may happen that after the script is applied and the machine restarts, Windows will not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration

#5 Post by Tai1Gunner »

So here is the log:

ComboFix 11-06-22.03 - Lada 23.06.2011 17:00:51.2.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2048.1289 [GMT 2:00]
Spuštěný z: c:\users\Lada\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lada\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\cmonywbmlrkt.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\cmonywbmlrkt.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-23 do 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 15:11 . 2011-06-23 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 10:57 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F49F1C9F-B20F-4C77-B173-D5D2F6AE7446}\mpengine.dll
2011-06-19 11:59 . 2011-06-22 11:28 -------- d-----w- C:\8ffc7fd40e86cbff785c20b3ceff0383
2011-06-16 08:11 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 08:11 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 08:11 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 08:09 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 08:08 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 08:08 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 08:08 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 08:08 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 08:08 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 08:08 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 08:08 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 08:08 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 08:08 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 08:08 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-10 08:14 . 2011-06-10 08:14 -------- d-----w- c:\users\Lada\AppData\Local\Apple Computer
2011-06-10 08:14 . 2011-06-10 08:15 -------- d-----w- c:\users\Lada\AppData\Roaming\Apple Computer
2011-06-10 08:13 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-10 08:13 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-10 08:12 . 2011-06-10 08:12 -------- d-----w- c:\program files\iPod
2011-06-10 08:12 . 2011-06-10 08:13 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-10 08:12 . 2011-06-10 08:13 -------- d-----w- c:\program files\iTunes
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-06-10 08:10 . 2011-06-10 08:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-06-10 08:10 . 2011-06-10 08:10 -------- d-----w- c:\program files\QuickTime
2011-06-10 08:10 . 2011-06-10 08:12 -------- d-----w- c:\programdata\Apple Computer
2011-06-10 08:10 . 2011-06-10 08:10 -------- d-----w- c:\users\Lada\AppData\Local\Apple
2011-06-10 08:10 . 2011-06-10 08:10 -------- d-----w- c:\program files\Apple Software Update
2011-06-10 08:09 . 2011-06-10 08:09 -------- d-----w- c:\program files\Bonjour
2011-06-10 08:09 . 2011-06-10 08:12 -------- d-----w- c:\program files\Common Files\Apple
2011-06-10 08:09 . 2011-06-10 08:09 -------- d-----w- c:\programdata\Apple
2011-06-09 16:05 . 2011-06-09 16:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 18:37 . 2011-06-02 18:37 -------- d-----w- c:\users\Lada\AppData\Local\CrashRpt
2011-06-02 11:54 . 2011-06-02 11:54 -------- d-----w- c:\users\Lada\AppData\Local\The Witcher 2
2011-06-02 10:36 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-06-02 10:36 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-06-02 10:36 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-06-02 10:36 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-06-02 10:36 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-06-02 10:36 . 2011-06-02 18:38 -------- d--h--w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-10-01 20:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 18:49 . 2011-05-22 18:49 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-22 18:49 . 2011-05-22 18:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-22 18:49 . 2011-05-22 18:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-22 18:49 . 2011-05-22 18:49 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-22 18:49 . 2011-05-22 18:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-22 18:49 . 2011-05-22 18:49 367104 ----a-w- c:\windows\system32\html.iec
2011-05-22 18:49 . 2011-05-22 18:49 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-22 18:49 . 2011-05-22 18:49 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-22 18:49 . 2011-05-22 18:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-22 18:49 . 2011-05-22 18:49 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-22 18:49 . 2011-05-22 18:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-22 18:49 . 2011-05-22 18:49 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-22 18:49 . 2011-05-22 18:49 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-22 18:49 . 2011-05-22 18:49 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-22 18:49 . 2011-05-22 18:49 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-22 18:49 . 2011-05-22 18:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-22 18:49 . 2011-05-22 18:49 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-22 18:49 . 2011-05-22 18:49 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-22 18:49 . 2011-05-22 18:49 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-22 18:48 . 2011-05-22 18:48 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-05-22 18:48 . 2011-05-22 18:48 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-22 18:48 . 2011-05-22 18:48 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-22 18:48 . 2011-05-22 18:48 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-22 18:48 . 2011-05-22 18:48 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-05-22 18:48 . 2011-05-22 18:48 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-22 18:48 . 2011-05-22 18:48 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-05-22 18:48 . 2011-05-22 18:48 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-22 18:48 . 2011-05-22 18:48 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-05-22 18:48 . 2011-05-22 18:48 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-05-22 18:48 . 2011-05-22 18:48 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-22 18:48 . 2011-05-22 18:48 107520 ----a-w- c:\windows\system32\cdd.dll
2011-05-22 18:48 . 2011-05-22 18:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-05-22 18:48 . 2011-05-22 18:48 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-22 18:48 . 2011-05-22 18:48 3181568 ----a-w- c:\windows\system32\mf.dll
2011-05-22 18:48 . 2011-05-22 18:48 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-02 10:01 . 2011-05-02 10:01 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-05-02 10:01 . 2011-05-02 10:01 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-04-09 06:13 . 2011-05-11 18:09 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:09 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 15:05 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-08 15:36 . 2011-04-08 15:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 08:55 . 2011-04-06 08:51 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-04-06 08:55 . 2011-04-06 08:51 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 143360]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
"chromium"="c:\users\Lada\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-06-13 1011768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-12-26 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-08-15 24576]
"V0270Mon.exe"="c:\windows\V0270Mon.exe" [2006-09-26 32768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
3;4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
R2 AutoPower;Auto Power-on;c:\program files\Auto Power-on\AutoPower.exe [2005-07-25 544768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2002-01-12 3567]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2008-09-12 107008]
R3 VF0270Dev;Live! Cam Optia;c:\windows\system32\DRIVERS\V0270Dev.sys [2006-10-16 225632]
R3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\DRIVERS\V0270VFx.sys [2006-06-19 6912]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-01 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-02 691696]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S4 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422347328-4078365919-150872135-1000Core.job
- c:\users\Lada\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:03]
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422347328-4078365919-150872135-1000UA.job
- c:\users\Lada\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 09:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-cmonywbmlrkt - c:\windows\system32\cmonywbmlrkt.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2422347328-4078365919-150872135-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,a3,a6,7b,cc,dc,5f,26,81,d0,43,d2,9c,4d,1c,bd,86,c5,22,2e,22,ae,30,
0b,19,c8,ec,23,d8,58,42,6a,0f,eb,6f,9f,67,9d,1b,4e,12,1c,f4,33,20,5d,f0,cc,\
"??"=hex:dd,fb,e2,9c,8e,01,c2,67,2f,5f,2b,e3,d4,64,80,f8
.
Celkový čas: 2011-06-23 17:14:33
ComboFix-quarantined-files.txt 2011-06-23 15:14
ComboFix2.txt 2011-06-23 09:11
.
Před spuštěním: Volných bajtů: 39 524 024 320
Po spuštění: Volných bajtů: 39 427 403 776
.
- - End Of File - - 62892F16913ACF02FA0C2715BFDD5397


Re: Cannot start antivirus or IE

#6 Post by Roli »

Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes its associated files and folders.


Then let me know what state the PC is in.

Re: Cannot start antivirus or IE

#7 Post by Tai1Gunner »

I did it exactly as you wrote and restarted the computer, and nothing has changed: IE cannot be started and the antivirus cannot be installed either. So I don't know what to do?


Re: Cannot start antivirus or IE

#8 Post by Roli »

Post the current log.txt from Rsit here as well.

In the meantime, try reinstalling Internet Explorer.

As for ESET, did you download the right version (32-bit or 64-bit) for your OS?

Re: Cannot start antivirus or IE

#9 Post by Tai1Gunner »

I have the right version of ESET, but I don't understand why it doesn't work; I'm without antivirus. I'll try reinstalling IE, and here is the log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Lada at 2011-06-24 14:31:21
Microsoft Windows 7 Professional
System drive C: has 38 GB (32%) free of 120 GB
Total RAM: 2048 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:13, on 24.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0270Mon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Users\Lada\Desktop\RSIT.exe
C:\Program Files\trend micro\Lada.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0270Mon.exe] C:\Windows\V0270Mon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Badoo Desktop] "C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - http://content.systemrequirementslab.co ... 1.72.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Auto Power-on (AutoPower) - Unknown owner - C:\Program Files\Auto Power-on\AutoPower.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6683 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2422347328-4078365919-150872135-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2422347328-4078365919-150872135-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-08 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-12-26 196608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-08-16 24576]
"V0270Mon.exe"=C:\Windows\V0270Mon.exe [2006-09-26 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728]
"Creative Live! Cam Manager"=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-09-06 143360]
"Badoo Desktop"=C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe [2011-06-07 1017344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-05-22 203776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-06-24 14:31:21 ----D---- C:\rsit
2011-06-24 14:31:21 ----D---- C:\Program Files\trend micro
2011-06-23 17:14:40 ----SHD---- C:\$RECYCLE.BIN
2011-06-23 17:14:34 ----A---- C:\ComboFix.txt
2011-06-23 10:47:17 ----D---- C:\Windows\ERDNT
2011-06-22 13:17:20 ----D---- C:\ProgramData\ESET
2011-06-22 12:40:39 ----A---- C:\Windows\CompatibilityIssues.txt
2011-06-19 13:59:10 ----D---- C:\8ffc7fd40e86cbff785c20b3ceff0383
2011-06-16 10:11:55 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-16 10:11:53 ----A---- C:\Windows\system32\jscript9.dll
2011-06-16 10:11:53 ----A---- C:\Windows\system32\jscript.dll
2011-06-16 10:11:53 ----A---- C:\Windows\system32\ieui.dll
2011-06-16 10:11:53 ----A---- C:\Windows\system32\iertutil.dll
2011-06-16 10:11:51 ----A---- C:\Windows\system32\mshtml.dll
2011-06-16 10:11:50 ----A---- C:\Windows\system32\urlmon.dll
2011-06-16 10:11:50 ----A---- C:\Windows\system32\ieframe.dll
2011-06-16 10:09:01 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-16 10:08:59 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-16 10:08:57 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-06-16 10:08:57 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-16 10:08:55 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-16 10:08:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-16 10:08:55 ----A---- C:\Windows\system32\drivers\srv.sys
2011-06-16 10:08:52 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-16 10:08:51 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-16 10:08:51 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-16 10:08:51 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-10 10:14:35 ----D---- C:\Users\Lada\AppData\Roaming\Apple Computer
2011-06-10 10:13:45 ----A---- C:\Windows\system32\GEARAspi.dll
2011-06-10 10:13:45 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-06-10 10:12:05 ----D---- C:\Program Files\iPod
2011-06-10 10:12:04 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-10 10:12:04 ----D---- C:\Program Files\iTunes
2011-06-10 10:10:24 ----D---- C:\Program Files\QuickTime
2011-06-10 10:10:22 ----D---- C:\ProgramData\Apple Computer
2011-06-10 10:10:02 ----D---- C:\Program Files\Apple Software Update
2011-06-10 10:09:21 ----D---- C:\Program Files\Bonjour
2011-06-10 10:09:06 ----D---- C:\ProgramData\Apple
2011-06-10 10:09:06 ----D---- C:\Program Files\Common Files\Apple
2011-06-09 18:05:27 ----D---- C:\ProgramData\Badoo
2011-06-02 12:36:50 ----A---- C:\Windows\system32\XAudio2_7.dll
2011-06-02 12:36:50 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2011-06-02 12:36:49 ----A---- C:\Windows\system32\xactengine3_7.dll
2011-06-02 12:36:49 ----A---- C:\Windows\system32\d3dx11_43.dll
2011-06-02 12:36:49 ----A---- C:\Windows\system32\d3dcsx_43.dll
2011-06-02 12:36:49 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2011-06-02 12:36:48 ----A---- C:\Windows\system32\D3DX9_43.dll
2011-06-02 12:36:48 ----A---- C:\Windows\system32\d3dx10_43.dll
2011-06-02 12:36:03 ----HD---- C:\Windows\msdownld.tmp

======List of files/folders modified in the last 1 months======

2011-06-24 14:31:39 ----D---- C:\Windows\Temp
2011-06-24 14:31:21 ----RD---- C:\Program Files
2011-06-24 14:15:57 ----RSD---- C:\Windows\assembly
2011-06-24 14:15:57 ----D---- C:\Windows\Microsoft.NET
2011-06-24 14:11:22 ----D---- C:\Windows\system32\config
2011-06-24 14:08:22 ----D---- C:\ProgramData\NVIDIA
2011-06-24 04:31:02 ----SHD---- C:\Windows\Installer
2011-06-24 04:30:57 ----SHD---- C:\System Volume Information
2011-06-24 04:28:47 ----D---- C:\Config.Msi
2011-06-24 04:28:45 ----D---- C:\Windows\system32\drivers
2011-06-24 04:26:44 ----D---- C:\Windows\system32\DriverStore
2011-06-24 04:26:44 ----D---- C:\Windows\system32\catroot
2011-06-24 04:26:44 ----D---- C:\Windows\inf
2011-06-24 00:43:35 ----D---- C:\Users\Lada\AppData\Roaming\uTorrent
2011-06-24 00:36:02 ----D---- C:\Windows\Prefetch
2011-06-24 00:36:02 ----D---- C:\Windows
2011-06-23 22:05:10 ----D---- C:\Windows\winsxs
2011-06-23 17:11:11 ----N---- C:\Windows\system.ini
2011-06-23 17:11:01 ----D---- C:\Windows\system32\drivers\etc
2011-06-23 17:10:29 ----D---- C:\Windows\System32
2011-06-23 17:10:29 ----D---- C:\Program Files\TNod User & Password Finder
2011-06-23 17:07:23 ----D---- C:\Windows\AppPatch
2011-06-23 17:07:21 ----D---- C:\Program Files\Common Files
2011-06-23 10:50:25 ----D---- C:\Windows\system32\catroot2
2011-06-23 09:58:37 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-06-23 00:26:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-22 14:15:43 ----D---- C:\Windows\system32\wdi
2011-06-22 14:10:46 ----D---- C:\ProgramData\Microsoft Help
2011-06-22 13:29:12 ----RSD---- C:\Windows\Fonts
2011-06-22 13:29:12 ----D---- C:\Windows\system32\Dism
2011-06-22 13:29:12 ----D---- C:\Windows\system32\cs-CZ
2011-06-22 13:29:12 ----D---- C:\Windows\ehome
2011-06-22 13:29:12 ----D---- C:\Program Files\Windows Media Player
2011-06-22 13:29:12 ----D---- C:\Program Files\Windows Defender
2011-06-22 13:29:12 ----D---- C:\Program Files\DVD Maker
2011-06-22 13:29:11 ----D---- C:\Windows\Tasks
2011-06-22 13:29:11 ----D---- C:\Windows\TAPI
2011-06-22 13:29:11 ----D---- C:\Windows\system32\wfp
2011-06-22 13:29:11 ----D---- C:\Windows\system32\wbem
2011-06-22 13:29:11 ----D---- C:\Windows\system32\sysprep
2011-06-22 13:29:11 ----D---- C:\Windows\system32\sppui
2011-06-22 13:29:11 ----D---- C:\Windows\system32\Setup
2011-06-22 13:29:11 ----D---- C:\Windows\system32\oobe
2011-06-22 13:29:11 ----D---- C:\Windows\system32\migwiz
2011-06-22 13:29:11 ----D---- C:\Windows\system32\migration
2011-06-22 13:29:11 ----D---- C:\Windows\system32\manifeststore
2011-06-22 13:29:11 ----D---- C:\Windows\system32\es-ES
2011-06-22 13:29:11 ----D---- C:\Windows\system32\en-US
2011-06-22 13:29:11 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-06-22 13:29:11 ----D---- C:\Windows\system32\da-DK
2011-06-22 13:29:11 ----D---- C:\Windows\system32\cs
2011-06-22 13:29:10 ----D---- C:\Windows\system32\Boot
2011-06-22 13:29:10 ----D---- C:\Windows\system32\AdvancedInstallers
2011-06-22 13:29:10 ----D---- C:\Windows\servicing
2011-06-22 13:29:10 ----D---- C:\Windows\PolicyDefinitions
2011-06-22 13:29:10 ----D---- C:\Program Files\Windows Sidebar
2011-06-22 13:29:10 ----D---- C:\Program Files\Windows Photo Viewer
2011-06-22 13:29:10 ----D---- C:\Program Files\Windows Mail
2011-06-22 13:29:10 ----D---- C:\Program Files\Windows Journal
2011-06-22 13:29:10 ----D---- C:\Program Files\Internet Explorer
2011-06-22 13:28:50 ----D---- C:\Windows\system32\XPSViewer
2011-06-22 13:28:49 ----D---- C:\Windows\system32\Tasks
2011-06-22 13:28:49 ----D---- C:\Windows\system32\SPReview
2011-06-22 13:28:49 ----D---- C:\Windows\system32\spp
2011-06-22 13:28:48 ----D---- C:\Windows\system32\Speech
2011-06-22 13:28:48 ----D---- C:\Windows\system32\MUI
2011-06-22 13:28:46 ----D---- C:\Windows\system32\CodeIntegrity
2011-06-22 13:28:46 ----D---- C:\Windows\security
2011-06-22 13:28:37 ----D---- C:\Program Files\TomTom HOME 2
2011-06-22 13:27:50 ----D---- C:\Windows\registration
2011-06-22 13:20:44 ----D---- C:\Windows\system32\LogFiles
2011-06-22 13:17:20 ----D---- C:\ProgramData
2011-06-22 13:15:25 ----D---- C:\Program Files\Windows Portable Devices
2011-06-22 12:48:14 ----D---- C:\Windows\debug
2011-06-16 22:55:14 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 10:15:22 ----A---- C:\Windows\system32\MRT.exe
2011-06-13 21:35:29 ----D---- C:\Users\Lada\AppData\Roaming\Skype
2011-06-13 21:31:06 ----D---- C:\Users\Lada\AppData\Roaming\skypePM
2011-06-10 10:13:45 ----DC---- C:\Windows\system32\DRVSTORE
2011-06-09 19:45:23 ----D---- C:\Users\Lada\AppData\Roaming\ICQ
2011-06-09 18:05:27 ----SD---- C:\Users\Lada\AppData\Roaming\Microsoft
2011-06-04 12:50:19 ----HD---- C:\Program Files\InstallShield Installation Information
2011-06-02 20:38:52 ----D---- C:\Windows\system32\directx

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-02 691696]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2006-12-15 8704]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-04-06 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-04-06 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-12-26 25280]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2009-06-10 36992]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 22856]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 66632]
S3 a5i2eoq2;a5i2eoq2; C:\Windows\system32\drivers\a5i2eoq2.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2006-12-15 13824]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 catchme;catchme; \??\C:\Users\Lada\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PortTalk;PortTalk; C:\Windows\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2009-07-14 5632]
S3 SaiK0836;SaiK0836; C:\Windows\system32\DRIVERS\SaiK0836.sys [2008-09-12 107008]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 VF0270Dev;Live! Cam Optia; C:\Windows\system32\DRIVERS\V0270Dev.sys [2006-10-16 225632]
S3 VF0270Vfx;VF0270 Video FX; C:\Windows\system32\DRIVERS\V0270VFx.sys [2006-06-19 6912]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 37704]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 15048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AutoPower;Auto Power-on; C:\Program Files\Auto Power-on\AutoPower.exe [2005-07-25 544768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-10-17 411432]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-02 1343400]

-----------------EOF-----------------


Re: Cannot start antivirus or IE

#10 Post by Tai1Gunner »

I tried uninstalling IE9 via Programs and Features, under the Microsoft Windows updates, but it isn't listed there. Then I tried turning IE8 off and on in Windows Features, but nothing helped. When I download the IE9 installer from the Microsoft website, it tells me that the installation was not completed and that the system already has the newest version of IE.


Re: Cannot start antivirus or IE

#11 Post by Roli »

Fix these in HJT:

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)


You will find HJT here:

C:\Program Files\trend micro\Lada.exe

Fix means that you run HJT as admin,

in the window that opens, you click Do a system scan only,

in the next window you find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then you click Fix checked, at the bottom left,

the program will ask whether you really want to; YES, of course you agree, and it's done.


As for ESET: do you see it among the installed programs, and are you installing it as admin?

As for IE 9: does THIS procedure not work?
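An added example (not part of Roli's post and not HijackThis code): a small Python parser that separates the dangling entries, which HijackThis itself marks with (no file) or (file missing), from the live autostart entries among the lines listed in post #11. The field layout is inferred only from those lines; `SAMPLE`, `parse_line` and `triage` are hypothetical names.

```python
import re

# Constructed sample: four of the HijackThis lines quoted in the post above.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
""".strip().splitlines()

# Meaning of the section codes that occur in the sample.
SECTIONS = {"R3": "IE URL search hook", "O4": "autostart entry", "O23": "Windows service"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<target>.+)$")
SVC_RE = re.compile(r"^.*?\((?P<name>[^()]+)\) - .* - (?P<target>.+)$")


def parse_line(line):
    """Split one HijackThis line into code, entry name, target and orphan flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    orphaned = bool(ORPHAN_RE.search(body))
    body = ORPHAN_RE.sub("", body)  # drop the marker before splitting fields
    name, target = m.group("kind"), body
    field_re = {"O4": RUN_RE, "O23": SVC_RE}.get(code)
    inner = field_re.match(body) if field_re else None
    if inner:
        name, target = inner.group("name"), inner.group("target").strip('"')
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "name": name, "target": target, "orphaned": orphaned}


def triage(lines):
    """Return (dangling, live): entries whose file was not found, and the rest."""
    entries = [e for e in map(parse_line, lines) if e]
    dangling = [e for e in entries if e["orphaned"]]
    live = [e for e in entries if not e["orphaned"]]
    return dangling, live


if __name__ == "__main__":
    for tag, group in zip(("dangling", "live"), triage(SAMPLE)):
        for e in group:
            print(f"{tag:<8} {e['code']:<3} {e['section']}: {e['name']} -> {e['target']}")
```

On the sample, the R3 hook and the ekrn service come out as dangling references, while the O4 lines are live autostart entries.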


Re: Cannot start antivirus or IE

#12 Post by Tai1Gunner »

So I did everything as you wrote, but it is still unchanged. And I followed exactly the guide for IE that you gave me, and nothing. Still neither IE nor ESET works; it's a tricky one. Can you think of anything else????


Re: Cannot start antivirus or IE

#13 Post by Tai1Gunner »

I don't see ESET among the installed programs. It stopped working, so I uninstalled it and wanted to install it again, and then it started showing that message that I don't have the rights. But this actually happened when Windows offered me some system updates, and then everything started acting up; then I put the Win7 installation CD in the drive and it loaded the last working system point...


Re: Cannot start antivirus or IE

#14 Post by Roli »

Let's also delete some leftovers from ESET.

Download and run OTMoveIt

copy this text into the left pane of the application, under Paste Instructions for Items to be Moved:


:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\ESET\ESET Smart Security
C:\ProgramData\ESET

:services
ekrn

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and the green right-hand pane of the application will show information about the action performed; copy the contents of that pane here,

if the application asks for a restart, click YES

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\


I don't see that you have Service Pack 1 installed, so fix that.


It also occurs to me: are your graphics drivers up to date?


Next, right-click the IE icon, choose Properties, and somewhere in there, I believe, is the graphics acceleration setting

and choose to use Software Rendering.

Or try resetting it to its default settings through Internet Options.


Re: Cannot start antivirus or IE

#15 Post by Tai1Gunner »

Look, when I tried to install SP1, it tells me "The ordinal 379 could not be located in the dynamic link library iertutil.dll", and then more windows pop up: "The program can't start because sqmapi.dll is missing from your computer. Try reinstalling the program to fix this problem." And when I run the update through Windows Update, it tells me that an unknown error occurred?? Otherwise, I have updated the graphics drivers. Also, I didn't find it in the IE properties, and when I wanted to open Internet Options it didn't respond; I kept clicking on it and it acts dead, nothing started. IE is simply dead, it doesn't respond to anything.
As for ESET: after running OTMoveIt and restarting the PC, Smart Security could not be installed; again it got stuck while starting the ekrn service and the installation was cancelled. I will probably have to reinstall Windows.

Anyway, here is the log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\SET6A12.tmp moved successfully.
C:\WINDOWS\System32\SETDD37.tmp moved successfully.
C:\WINDOWS\System32\tmp211D.tmp moved successfully.
C:\WINDOWS\System32\tmp213D.tmp moved successfully.
C:\WINDOWS\System32\tmpC5D3.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File/Folder C:\Program Files\ESET\ESET Smart Security not found.
C:\ProgramData\ESET\ESET Smart Security\SysInspector folder moved successfully.
C:\ProgramData\ESET\ESET Smart Security folder moved successfully.
C:\ProgramData\ESET folder moved successfully.
========== SERVICES/DRIVERS ==========
Service ekrn stopped successfully!
Service ekrn deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lada
->Temp folder emptied: 19467297 bytes
->Temporary Internet Files folder emptied: 9769263 bytes
->Java cache emptied: 152315 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 16211434 bytes
->Flash cache emptied: 5592 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1142174 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06262011_000748

Files moved on Reboot...
File C:\Windows\temp\TMP000000052FBE5BE3A0BB5BB7 not found!

Registry entries deleted on Reboot...
