Kontrolu logu pls

[zac.je.toho.loket]

Zdravím,

pustil jsem bratra k PC a když jsem se vrátil a pustil ho, místo zástupců na ploše jsou všechno poznámkové bloky, po dvokliku se otevře notepad s klikyhákama. Přímo z instalační složek, ale programy a hry spustitlze, takže to vypadá na problém v registrech :-/

Tady je log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:39, on 6.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\regx32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Gigabyte Toolkit - {b681b554-3c5c-491c-b08e-35aebfd5b3bd} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6483 bytes

Díky za rychlou odpověď

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[zac.je.toho.loket]

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1824
Windows 6.0.6001 Service Pack 1

6.3.2009 18:11:42
mbam-log-2009-03-06 (18-11-42).txt

Typ skenu: Rychlý sken
Objektu skenováno: 57403
Uplynulý cas: 1 minute(s), 41 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Pokud máš 32 bitovou verzi win, postupuj takto:
Vypni rez. ochrany u ESS.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[zac.je.toho.loket]

ComboFix 09-03-04.01 - D&M 2009-03-06 18:21:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.3325.2368 [GMT 1:00]
Spuštěný z: c:\users\D&M\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *disabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-06 do 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\users\D&M\AppData\Roaming\Malwarebytes
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 18:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-06 18:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-06 17:46 . 2009-03-06 17:46 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 18:40 . 2009-03-04 18:43 <DIR> d-------- c:\program files\VirtualDJ
2009-03-04 18:21 . 2009-03-04 19:01 <DIR> d-------- c:\program files\World of Warcraft
2009-03-04 18:21 . 2009-03-04 18:36 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-28 12:08 . 2009-02-28 12:36 <DIR> d-------- c:\program files\F.E.A.R. 2
2009-02-27 22:55 . 2009-02-27 22:55 <DIR> d-------- c:\program files\Free MP3 WMA WAV Converter
2009-02-27 22:55 . 2004-12-02 18:20 1,843,200 --a------ c:\windows\System32\NCTAudioFile2.dll
2009-02-27 22:55 . 2002-01-05 15:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-02-27 22:55 . 2004-12-02 18:11 315,392 --a------ c:\windows\System32\NCTAudioPlayer2.dll
2009-02-27 22:55 . 2004-05-20 15:24 196,608 --a------ c:\windows\System32\NCTWMAFile2.dll
2009-02-27 22:26 . 2005-11-30 21:20 2,314,332 --a------ c:\windows\System32\LIBMMD.DLL
2009-02-27 22:26 . 1998-06-23 22:00 609,584 --a------ c:\windows\System32\comctl32.ocx
2009-02-27 22:26 . 2001-03-13 11:49 120,320 --a------ c:\windows\System32\comdlg32.ocx
2009-02-27 22:26 . 2000-05-22 15:58 115,920 --a------ c:\windows\System32\msinet.ocx
2009-02-22 20:17 . 2009-02-22 20:17 <DIR> d-------- c:\program files\ESET
2009-02-20 13:22 . 2009-02-20 13:22 <DIR> d-------- c:\users\All Users\Futuremark
2009-02-20 13:22 . 2009-02-20 13:22 <DIR> d-------- c:\programdata\Futuremark
2009-02-20 13:16 . 2009-02-20 13:16 <DIR> d-------- c:\windows\System32\Futuremark
2009-02-20 13:16 . 2009-02-20 13:16 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-20 13:16 . 2008-04-22 08:53 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2009-02-20 13:15 . 2009-02-20 13:15 <DIR> d-------- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2009-02-20 13:15 . 2009-02-20 13:15 <DIR> d-------- c:\program files\Futuremark
2009-02-19 21:53 . 2009-02-19 21:58 <DIR> d-------- C:\l4d backup
2009-02-19 21:10 . 2009-02-19 21:10 <DIR> d-------- c:\windows\Left 4 Dead
2009-02-19 21:10 . 2009-03-06 16:51 <DIR> d-------- c:\program files\Left 4 Dead
2009-02-16 21:10 . 2009-02-16 21:18 <DIR> d-------- c:\users\D&M\AppData\Roaming\Winamp
2009-02-15 21:16 . 2009-02-15 21:16 <DIR> d-------- c:\users\D&M\AppData\Roaming\Leadertech
2009-02-15 21:11 . 2009-02-15 21:11 <DIR> d-------- c:\program files\EA Sports
2009-02-15 15:58 . 2009-02-15 16:10 <DIR> d-------- c:\program files\Counter-Strike Source
2009-02-12 11:14 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 11:14 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 11:14 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 11:14 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 11:14 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 11:14 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-12 11:14 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 11:14 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 11:09 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-12 11:09 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-12 11:09 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-12 11:09 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-12 11:09 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-12 00:55 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 00:55 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 00:54 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 00:54 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 00:54 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 10:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 10:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 17:18 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-03-06 17:18 16,608 ----a-w c:\windows\gdrv.sys
2009-03-06 15:53 --------- d-----w c:\program files\Opera
2009-03-06 15:31 --------- d---a-w c:\programdata\TEMP
2009-03-05 15:48 --------- d-----w c:\program files\Warcraft III
2009-03-05 13:41 --------- d-----w c:\program files\Garena
2009-03-04 21:56 --------- d-----w c:\users\D&M\AppData\Roaming\BSplayer
2009-03-03 09:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 20:43 --------- d-----w c:\program files\Zaklínač
2009-03-02 20:34 --------- d-----w c:\programdata\Ubisoft
2009-03-02 20:34 --------- d-----w c:\program files\Ubisoft
2009-02-20 12:52 --------- d-----w c:\programdata\NVIDIA
2009-02-20 12:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-20 12:50 --------- d-----w c:\program files\AGEIA Technologies
2009-02-16 23:09 --------- d-----w c:\program files\EA Games
2009-02-16 20:15 --------- d-----w c:\program files\Winamp
2009-02-11 23:53 --------- d-----w c:\program files\Windows Mail
2009-02-05 09:54 453,152 ----a-w c:\windows\System32\nvuninst.exe
2009-01-29 00:00 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-28 23:40 --------- d-----w c:\program files\Electronic Arts
2009-01-27 11:37 --------- d-----w c:\program files\Common Files\Logishrd
2009-01-27 11:36 --------- d-----w c:\program files\Common Files\Logitech
2009-01-23 20:59 --------- d-----w c:\users\D&M\AppData\Roaming\BSplayer Pro
2009-01-23 20:59 --------- d-----w c:\program files\Webteh
2009-01-23 20:24 --------- d-----w c:\users\D&M\AppData\Roaming\Nokia
2009-01-23 19:58 --------- d-----w c:\users\D&M\AppData\Roaming\PC Suite
2009-01-23 19:56 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-01-23 19:56 --------- d-----w c:\programdata\PC Suite
2009-01-23 19:53 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-23 19:53 --------- d-----w c:\program files\Nokia
2009-01-23 19:53 --------- d-----w c:\program files\DIFX
2009-01-23 19:53 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-23 19:53 --------- d-----w c:\program files\Common Files\Nokia
2009-01-23 19:51 --------- d-----w c:\programdata\Installations
2009-01-22 14:21 --------- d-----w c:\program files\PDFCreator
2009-01-22 13:47 --------- d-----w c:\users\D&M\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-21 14:52 --------- d-----w c:\users\D&M\AppData\Roaming\Hamachi
2009-01-21 14:43 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-16 17:24 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2009-01-15 21:23 --------- d-----w c:\programdata\Media Center Programs
2009-01-15 21:18 --------- d-----w c:\program files\Sierra Entertainment
2009-01-14 21:57 --------- d-----w c:\program files\Governor of Poker
2009-01-14 09:57 --------- d-----w c:\program files\THQ
2009-01-06 23:50 --------- d-----w c:\program files\NBA 2K9
2008-12-29 20:59 155,648 ----a-w c:\windows\System32\libssl32.dll
2008-12-26 19:23 348,160 ----a-w c:\windows\System32\Msvcr71.dll
2008-12-26 19:23 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
2008-12-26 19:23 1,060,864 ----a-w c:\windows\System32\mfc71.dll
2008-12-26 15:32 159,700 ----a-w c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2008-12-26 15:22 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-26 15:18 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-26 15:06 737,280 ----a-w c:\windows\iun6002.exe
2008-12-26 13:42 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-26 13:42 315,392 ----a-w c:\windows\HideWin.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-26 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D617573A-0CC5-4B2E-813D-B466B4A84D44}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E19CB15D-00D3-4713-AEEC-C0B44F617DEF}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6DDF7CC5-55EF-4109-9805-7587E5ECBFDB}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{8AB0C297-8780-4EEB-B046-DCD83DAD71BE}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6084BDE0-0C09-40C9-9898-D779E7F5C861}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C2452577-3678-45DC-9431-75B27BEE5F30}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{799401A8-EA6C-4CC8-A6EF-19CE0FA6D1BB}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{8DDDA2AB-DD86-40C9-91DB-A3A55E963F6B}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{BCB8696F-EDCA-4E16-A740-59B0AFE174C4}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{01BC6635-B564-4173-9C1C-83CFEDC69AA2}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F0B037AB-8852-4361-9E72-F8A12B0F19FC}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{C864F506-2907-4443-8C92-15BB6C9DB436}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{09212D73-6B47-4E46-BB2F-3411EEF42C27}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{BA74EAE1-16B5-4967-8885-4EC1A9D515CF}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DE5C95A2-6328-48BA-BA24-C4063C304E6D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{1857EE56-FA1F-4E3E-A5B1-296248A043A7}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{FF57FCF4-98F6-4442-8AF4-C5DAF1E771E5}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E09D3E81-3DBF-4067-B869-6486BF2DF6FE}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DC5255F3-476C-432A-9EA2-4267B1F3A844}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{47E6CA24-E8AA-4843-BF6E-266567F8A340}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{DACC86A7-249C-4809-8E53-BDC6C978B48F}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{86080382-9EA2-43DB-A216-660FD8E8A6CC}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{96B2F3B9-1EE8-438A-962C-09ECF8411734}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{1555B58A-58CE-4FD7-9D41-69F791B91587}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{998319BD-E2FA-427F-9FDD-ADA17FCD73F6}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{708C0EC8-162A-41B4-89B5-44EB023A218D}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{E61D46B2-9370-464B-A536-EFCA8F13CE13}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\GCP2009.exe:Pro Evolution Soccer 2009
"{A88E9689-200D-4B30-B852-F3A4A9EB06BF}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\GCP2009.exe:Pro Evolution Soccer 2009
"{5B7532A4-ED23-4D25-B893-B4874C9F7B5E}"= UDP:c:\users\D&M\Desktop\PES 2009.exe:Pro Evolution Soccer 2009
"{614C2278-11B4-4A59-919B-D9B47ED92A07}"= TCP:c:\users\D&M\Desktop\PES 2009.exe:Pro Evolution Soccer 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-12-26 72192]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
SUnknown GVTDrv;GVTDrv; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4d3665-d427-11dd-a8d0-001fd022b85b}]
\shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3affafa-d405-11dd-b3cc-001fd022b85b}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{b681b554-3c5c-491c-b08e-35aebfd5b3bd} - mscoree.dll


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
------- Asociace souborů -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-06 18:23:27
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-06 18:25:01
ComboFix-quarantined-files.txt 2009-03-06 17:24:59

Před spuštěním: Volných bajtů: 129 126 260 736
Po spuštění: Volných bajtů: 129,089,695,744

232 --- E O F --- 2009-03-06 09:38:00

[zac.je.toho.loket]

stále čekám help pls

[jaro3]

nj, já tady nemůže bejt furt , to snad uznáš..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

File::
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\iun6002.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Jo a když jsme u toho , tak si odinstaluj ten cracklej ESET Smart Security a pořiď si něco free, je to lepší.

[zac.je.toho.loket]

ComboFix 09-03-04.01 - D&M 2009-03-07 12:16:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.3325.2401 [GMT 1:00]
Spuštěný z: c:\users\D&M\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\D&M\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\iun6002.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP\WiseCustomCalla.dll
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-07 do 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-06 21:03 . 2009-03-06 21:03 <DIR> d-------- c:\program files\VDJ5
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\users\D&M\AppData\Roaming\Malwarebytes
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-06 18:09 . 2009-03-06 18:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 18:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-06 18:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-06 17:46 . 2009-03-06 17:46 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 18:40 . 2009-03-06 21:09 <DIR> d-------- c:\program files\VirtualDJ
2009-03-04 18:21 . 2009-03-04 19:01 <DIR> d-------- c:\program files\World of Warcraft
2009-03-04 18:21 . 2009-03-04 18:36 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-28 12:08 . 2009-02-28 12:36 <DIR> d-------- c:\program files\F.E.A.R. 2
2009-02-27 22:55 . 2009-02-27 22:55 <DIR> d-------- c:\program files\Free MP3 WMA WAV Converter
2009-02-27 22:55 . 2004-12-02 18:20 1,843,200 --a------ c:\windows\System32\NCTAudioFile2.dll
2009-02-27 22:55 . 2002-01-05 15:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-02-27 22:55 . 2004-12-02 18:11 315,392 --a------ c:\windows\System32\NCTAudioPlayer2.dll
2009-02-27 22:55 . 2004-05-20 15:24 196,608 --a------ c:\windows\System32\NCTWMAFile2.dll
2009-02-27 22:26 . 2005-11-30 21:20 2,314,332 --a------ c:\windows\System32\LIBMMD.DLL
2009-02-27 22:26 . 1998-06-23 22:00 609,584 --a------ c:\windows\System32\comctl32.ocx
2009-02-27 22:26 . 2001-03-13 11:49 120,320 --a------ c:\windows\System32\comdlg32.ocx
2009-02-27 22:26 . 2000-05-22 15:58 115,920 --a------ c:\windows\System32\msinet.ocx
2009-02-22 20:17 . 2009-02-22 20:17 <DIR> d-------- c:\program files\ESET
2009-02-20 13:22 . 2009-02-20 13:22 <DIR> d-------- c:\users\All Users\Futuremark
2009-02-20 13:22 . 2009-02-20 13:22 <DIR> d-------- c:\programdata\Futuremark
2009-02-20 13:16 . 2009-02-20 13:16 <DIR> d-------- c:\windows\System32\Futuremark
2009-02-20 13:16 . 2009-02-20 13:16 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-20 13:16 . 2008-04-22 08:53 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2009-02-20 13:15 . 2009-02-20 13:15 <DIR> d-------- c:\program files\Futuremark
2009-02-19 21:53 . 2009-02-19 21:58 <DIR> d-------- C:\l4d backup
2009-02-19 21:10 . 2009-02-19 21:10 <DIR> d-------- c:\windows\Left 4 Dead
2009-02-19 21:10 . 2009-03-06 16:51 <DIR> d-------- c:\program files\Left 4 Dead
2009-02-16 21:10 . 2009-02-16 21:18 <DIR> d-------- c:\users\D&M\AppData\Roaming\Winamp
2009-02-15 21:16 . 2009-02-15 21:16 <DIR> d-------- c:\users\D&M\AppData\Roaming\Leadertech
2009-02-15 21:11 . 2009-02-15 21:11 <DIR> d-------- c:\program files\EA Sports
2009-02-15 15:58 . 2009-02-15 16:10 <DIR> d-------- c:\program files\Counter-Strike Source
2009-02-12 11:14 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 11:14 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 11:14 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 11:14 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 11:14 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 11:14 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-12 11:14 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 11:14 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 11:09 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-12 11:09 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-12 11:09 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-12 11:09 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-12 11:09 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-12 00:55 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 00:55 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 00:54 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 00:54 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 00:54 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 10:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 10:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 11:07 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2009-03-07 11:07 16,608 ----a-w c:\windows\gdrv.sys
2009-03-06 20:09 --------- d---a-w c:\programdata\TEMP
2009-03-06 19:15 --------- d-----w c:\program files\Opera
2009-03-05 15:48 --------- d-----w c:\program files\Warcraft III
2009-03-05 13:41 --------- d-----w c:\program files\Garena
2009-03-04 21:56 --------- d-----w c:\users\D&M\AppData\Roaming\BSplayer
2009-03-03 09:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 20:43 --------- d-----w c:\program files\Zaklínač
2009-03-02 20:34 --------- d-----w c:\programdata\Ubisoft
2009-03-02 20:34 --------- d-----w c:\program files\Ubisoft
2009-02-20 12:52 --------- d-----w c:\programdata\NVIDIA
2009-02-20 12:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-20 12:50 --------- d-----w c:\program files\AGEIA Technologies
2009-02-16 23:09 --------- d-----w c:\program files\EA Games
2009-02-16 20:15 --------- d-----w c:\program files\Winamp
2009-02-11 23:53 --------- d-----w c:\program files\Windows Mail
2009-02-05 09:54 453,152 ----a-w c:\windows\System32\nvuninst.exe
2009-01-29 00:00 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-01-28 23:40 --------- d-----w c:\program files\Electronic Arts
2009-01-27 11:37 --------- d-----w c:\program files\Common Files\Logishrd
2009-01-27 11:36 --------- d-----w c:\program files\Common Files\Logitech
2009-01-23 20:59 --------- d-----w c:\users\D&M\AppData\Roaming\BSplayer Pro
2009-01-23 20:59 --------- d-----w c:\program files\Webteh
2009-01-23 20:24 --------- d-----w c:\users\D&M\AppData\Roaming\Nokia
2009-01-23 19:58 --------- d-----w c:\users\D&M\AppData\Roaming\PC Suite
2009-01-23 19:56 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-01-23 19:56 --------- d-----w c:\programdata\PC Suite
2009-01-23 19:53 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-23 19:53 --------- d-----w c:\program files\Nokia
2009-01-23 19:53 --------- d-----w c:\program files\DIFX
2009-01-23 19:53 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-23 19:53 --------- d-----w c:\program files\Common Files\Nokia
2009-01-23 19:51 --------- d-----w c:\programdata\Installations
2009-01-22 14:21 --------- d-----w c:\program files\PDFCreator
2009-01-22 13:47 --------- d-----w c:\users\D&M\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-21 14:52 --------- d-----w c:\users\D&M\AppData\Roaming\Hamachi
2009-01-21 14:43 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-16 17:24 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2009-01-15 21:23 --------- d-----w c:\programdata\Media Center Programs
2009-01-15 21:18 --------- d-----w c:\program files\Sierra Entertainment
2009-01-14 21:57 --------- d-----w c:\program files\Governor of Poker
2009-01-14 09:57 --------- d-----w c:\program files\THQ
2008-12-29 20:59 155,648 ----a-w c:\windows\System32\libssl32.dll
2008-12-26 19:23 348,160 ----a-w c:\windows\System32\Msvcr71.dll
2008-12-26 19:23 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
2008-12-26 19:23 1,060,864 ----a-w c:\windows\System32\mfc71.dll
2008-12-26 15:32 159,700 ----a-w c:\windows\Marsu-Fix 2.5 Uninstaller.exe
2008-12-26 15:18 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-26 13:42 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-26 13:42 315,392 ----a-w c:\windows\HideWin.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-06_18.23.42,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-06 17:18:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-07 11:07:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-06 17:18:11 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-07 11:07:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-06 17:19:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-07 11:08:05 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-06 17:19:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-07 11:07:59 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-07 11:07:59 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-06 17:20:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-06 20:06:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-06 17:20:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 20:06:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 17:20:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 20:06:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-06 17:18:14 251,736 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2009-03-07 11:07:11 252,384 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2009-03-06 17:19:58 6,080 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3993804155-4283008946-2220901371-1000_UserData.bin
+ 2009-03-07 11:08:55 6,112 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3993804155-4283008946-2220901371-1000_UserData.bin
- 2009-03-06 17:19:58 82,536 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-07 11:08:55 82,934 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-06 17:19:56 32,776 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-07 11:08:54 32,816 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-26 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D617573A-0CC5-4B2E-813D-B466B4A84D44}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E19CB15D-00D3-4713-AEEC-C0B44F617DEF}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6DDF7CC5-55EF-4109-9805-7587E5ECBFDB}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{8AB0C297-8780-4EEB-B046-DCD83DAD71BE}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6084BDE0-0C09-40C9-9898-D779E7F5C861}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{C2452577-3678-45DC-9431-75B27BEE5F30}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{799401A8-EA6C-4CC8-A6EF-19CE0FA6D1BB}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{8DDDA2AB-DD86-40C9-91DB-A3A55E963F6B}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{BCB8696F-EDCA-4E16-A740-59B0AFE174C4}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{01BC6635-B564-4173-9C1C-83CFEDC69AA2}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F0B037AB-8852-4361-9E72-F8A12B0F19FC}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{C864F506-2907-4443-8C92-15BB6C9DB436}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{09212D73-6B47-4E46-BB2F-3411EEF42C27}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{BA74EAE1-16B5-4967-8885-4EC1A9D515CF}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DE5C95A2-6328-48BA-BA24-C4063C304E6D}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{1857EE56-FA1F-4E3E-A5B1-296248A043A7}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{FF57FCF4-98F6-4442-8AF4-C5DAF1E771E5}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E09D3E81-3DBF-4067-B869-6486BF2DF6FE}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DC5255F3-476C-432A-9EA2-4267B1F3A844}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{47E6CA24-E8AA-4843-BF6E-266567F8A340}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{DACC86A7-249C-4809-8E53-BDC6C978B48F}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{86080382-9EA2-43DB-A216-660FD8E8A6CC}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{96B2F3B9-1EE8-438A-962C-09ECF8411734}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{1555B58A-58CE-4FD7-9D41-69F791B91587}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{998319BD-E2FA-427F-9FDD-ADA17FCD73F6}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{708C0EC8-162A-41B4-89B5-44EB023A218D}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{E61D46B2-9370-464B-A536-EFCA8F13CE13}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\GCP2009.exe:Pro Evolution Soccer 2009
"{A88E9689-200D-4B30-B852-F3A4A9EB06BF}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\GCP2009.exe:Pro Evolution Soccer 2009
"{5B7532A4-ED23-4D25-B893-B4874C9F7B5E}"= UDP:c:\users\D&M\Desktop\PES 2009.exe:Pro Evolution Soccer 2009
"{614C2278-11B4-4A59-919B-D9B47ED92A07}"= TCP:c:\users\D&M\Desktop\PES 2009.exe:Pro Evolution Soccer 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-12-26 72192]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
SUnknown GVTDrv;GVTDrv; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4d3665-d427-11dd-a8d0-001fd022b85b}]
\shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3affafa-d405-11dd-b3cc-001fd022b85b}]
\shell\AutoRun\command - I:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 12:17:57
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-03-07 12:19:33
ComboFix-quarantined-files.txt 2009-03-07 11:19:31
ComboFix2.txt 2009-03-06 17:25:02

Před spuštěním: Volných bajtů: 127 548 080 128
Po spuštění: Volných bajtů: 127,523,737,600

258 --- E O F --- 2009-03-06 09:38:00


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:20, on 7.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\regx32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5605 bytes

pořád nic, já se z toho zvencnu

[zac.je.toho.loket]

a jinak uznávám, že tu nemůžeš být pořád ale teď bys tu zrovna být moh...mám z toho krámu nervy, asi na něj vezmu kladivo

[jaro3]

Psal jsem abys odinstaloval ten ESS, následně smaž ten crack:
C:\Windows\regx32.exe

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O13 - Gopher Prefix:


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Problém s ikonami tedy stále trvá, zkoušel jsi na ploše změnit u ikon příponu na .exe?
Něco pohledám časem na úpravu registru, bohužel máš vistu , na tu nic nemám , tak jedině hledat.

[zac.je.toho.loket]

Tak jsem udělal vše jak bylo naspáno, ale pořád vše při starém

[zac.je.toho.loket]

Vidím to asi na formát a zpět na Win XP SP3