Please help: RunDLL error (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

barunka

Re: Please help: RunDLL error

Post by barunka » 30 Oct 2008 17:17

ComboFix 08-10-30.06 - Bára 2008-10-30 17:05:57.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1598 [GMT 1:00]
Spuštěný z: C:\Users\Bára\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\Bára\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\desktop.ini
C:\Users\Bára\AppData\Local\Microsoft\Windows\Temporary Internet Files\MAILTRAN.INI
C:\Users\Bára\AppData\Local\Microsoft\Windows\Temporary Internet Files\WDICT32.INI
C:\Users\Bára\AppData\Local\Microsoft\Windows\Temporary Internet Files\WTRAN32.INI
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-30 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 16:10 3,145,728 --sha-w C:\Users\Bára\ntuser.dat
2008-10-30 16:10 3,145,728 --sha-w C:\Users\Bára\ntuser.dat
2008-10-30 16:10 --------- d-----w C:\Users\Bára\AppData\Roaming\Skype
2008-10-30 15:03 --------- d-----w C:\Users\Bára\AppData\Roaming\skypePM
2008-10-30 14:24 --------- d-----w C:\Program Files\ICQToolbar
2008-10-30 14:24 --------- d-----w C:\Program Files\ICQ6
2008-10-30 13:50 --------- d-----w C:\Program Files\ICQ6Toolbar
2008-10-30 13:48 --------- d---a-w C:\Program Files\AskSBar
2008-10-30 13:24 --------- d-----w C:\Users\Bára\AppData\Roaming\zweitgeist
2008-10-30 13:03 --------- d-----w C:\Program Files\ICQ6(1)
2008-10-30 12:55 --------- d-----w C:\ProgramData\ICQ
2008-10-30 12:43 --------- d-----w C:\Users\Bára\AppData\Roaming\ICQ
2008-10-30 08:43 --------- d-----w C:\Users\Bára\AppData\Roaming\Malwarebytes
2008-10-30 08:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 08:42 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-29 21:03 --------- d-----w C:\Program Files\Trend Micro
2008-10-27 16:43 --------- d-----w C:\Users\Bára\AppData\Roaming\Azureus
2008-10-23 10:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-22 15:10 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-10-21 13:52 --------- d-----w C:\Program Files\ESET
2008-10-21 13:35 --------- d-----w C:\Program Files\Alwil Software
2008-10-21 13:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-21 13:31 --------- d-----w C:\ProgramData\Symantec
2008-10-20 21:01 --------- d---a-w C:\ProgramData\TEMP
2008-10-20 19:55 --------- d-----w C:\ProgramData\ESET
2008-10-19 16:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-19 13:52 --------- d-----w C:\Users\Bára\AppData\Roaming\MyPhoneExplorer
2008-10-15 16:45 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 14:03 --------- d-----w C:\Program Files\Microsoft Works
2008-10-12 14:03 --------- d-----w C:\Program Files\Common Files\Skype
2008-10-07 18:15 --------- d-----w C:\Program Files\Java
2008-10-07 18:13 --------- d-----w C:\Program Files\Common Files\Java
2008-10-04 18:46 --------- d-s---w C:\Users\Bára\AppData\Roaming\Microsoft
2008-10-04 18:40 --------- d-----w C:\Program Files\MSBuild
2008-10-04 18:34 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-04 11:04 --------- d-----w C:\Program Files\Microsoft Visual Studio 8(124)
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Journal
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Defender
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-02 08:23 --------- d-----w C:\Program Files\Windows Calendar
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-10-01 21:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-01 21:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-10-01 18:39 --------- d-----w C:\ProgramData\HP
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w C:\Windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w C:\Windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-15 20:53 --------- d-----w C:\Users\Bára\AppData\Roaming\Microsoft Games
2008-09-15 17:24 --------- d-----w C:\Program Files\Microsoft Games
2008-09-15 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:07 --------- d-----w C:\ProgramData\Microsoft Games
2008-09-14 23:05 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-09-14 22:52 --------- d--h--r C:\Users\Bára\AppData\Roaming\SecuROM
2008-09-13 23:24 --------- d-----w C:\Users\Bára\AppData\Roaming\WinBatch
2008-08-12 03:39 443,392 ----a-w C:\Windows\System32\win32spl.dll
2008-08-05 09:49 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-08-05 09:49 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-29 14:05 1,296,896 ----a-w C:\Windows\System32\SPort.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 21:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 19:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-14 20:38 491,520 ----a-w C:\Windows\WebIE.dll
2008-07-14 20:38 45,056 ----a-w C:\Windows\TRNOEH.DLL
2008-07-14 20:38 356,352 ----a-w C:\Windows\TrnOutl.dll
2008-07-14 20:38 294,912 ----a-w C:\Windows\TrnWord.dll
2008-07-14 20:36 516,096 ----a-w C:\Windows\UN32.EXE
2008-07-13 20:19 9,847,296 ----a-w C:\Windows\System32\NlsData000a.dll
2008-07-13 20:16 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-13 20:16 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-13 20:16 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-13 20:16 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-13 20:16 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-13 20:16 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-13 20:16 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-13 20:16 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-13 20:16 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-13 20:16 14,848 ----a-w C:\Windows\System32\srdelayed.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [BU]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]
"Acer Tour Reminder"="" [BU]
"OEXPRESS"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 94208]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [BU]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" [BU]
"eRecoveryService"="" [BU]
"Device Detector"="DevDetect.exe" [BU]
"Skytel"="Skytel.exe" [2007-05-29 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9776F41E-EEB2-4B4F-B6B0-49E9786345AF}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{1ACC930A-3AA3-48E7-9477-283BEB1E43C5}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{83B979D5-4EB4-4027-8823-134C8C8399C3}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{48F75EDB-CD1E-4659-BC2F-6BB6CC29304F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0FE4715E-2412-4F56-8F94-0F52A16A8EDC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6E38110-4509-421F-93C6-AB7684B50266}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DA19CD97-D575-4FCC-A72F-EB490BFAEEC1}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{0C34ADAD-388C-4BED-B3F0-5F2DDF1505EF}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{C0471328-4792-4CE1-BF8F-4BDB2A94B7D6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{27281FC0-796D-4160-8E6F-C2252422B080}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C309CE57-950B-4431-A09F-E2255A5988CE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9222FD0B-FD98-4655-A6FB-A0DE7637C3BA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B3A8CFF-79B1-44FE-89CF-437FBA556F59}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{058F8A72-2439-4EA8-AFB8-B48CC7304775}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{054E063A-D450-429C-946E-1BC3F99A41EA}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-26 20776]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-26 16680]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-26 60712]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{6E0A6DFF-F317-4319-AC6E-69AFC47A7A2F}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 17:10:43
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\Windows\TEMP\TMP000000733F187F4C063A64A4

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
Celkový čas: 2008-10-30 17:12:54
ComboFix-quarantined-files.txt 2008-10-30 16:12:50
ComboFix2.txt 2008-10-30 12:20:05

Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: Volných bajtů: 67,933,065,216

barunka

Re: Please help: RunDLL error

Post by barunka » 30 Oct 2008 17:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:03, on 29.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\BRA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJApPGv.dll,#1
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Microsoft IT Update] COPYOF~3.EXE
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\BRA~1\AppData\Local\Temp\byXOiFvS.dll,c
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\BRA~1\AppData\Local\Temp\satyxkqm.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11088 bytes

jaro3
Security team member

Re: Please help: RunDLL error

Post by jaro3 » 30 Oct 2008 17:38

Once again: uninstall the Ask Toolbar.
The CF log is not complete, try once more.
Check whether you still have this there:
C:\Windows\system32\mlJApPGv.dll,#1
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.

barunka

Re: Please help: RunDLL error

Post by barunka » 30 Oct 2008 17:56

But I no longer have the Ask Toolbar among my programs..
That file is no longer there.

barunka

Re: Please help: RunDLL error

Post by barunka » 30 Oct 2008 18:09

ComboFix 08-10-30.06 - Bára 2008-10-30 17:59:32.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1729 [GMT 1:00]
Spuštěný z: C:\Users\Bára\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\Bára\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
C:\Program Files\desktop.ini
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-28 do 2008-10-30 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 17:03 3,145,728 --sha-w C:\Users\Bára\ntuser.dat
2008-10-30 17:03 3,145,728 --sha-w C:\Users\Bára\ntuser.dat
2008-10-30 16:54 --------- d-s---w C:\Users\Bára\AppData\Roaming\Microsoft
2008-10-30 16:50 --------- d-----w C:\Users\Bára\AppData\Roaming\Skype
2008-10-30 15:03 --------- d-----w C:\Users\Bára\AppData\Roaming\skypePM
2008-10-30 14:24 --------- d-----w C:\Program Files\ICQToolbar
2008-10-30 14:24 --------- d-----w C:\Program Files\ICQ6
2008-10-30 13:48 --------- d---a-w C:\Program Files\AskSBar
2008-10-30 13:24 --------- d-----w C:\Users\Bára\AppData\Roaming\zweitgeist
2008-10-30 12:55 --------- d-----w C:\ProgramData\ICQ
2008-10-30 12:43 --------- d-----w C:\Users\Bára\AppData\Roaming\ICQ
2008-10-30 08:43 --------- d-----w C:\Users\Bára\AppData\Roaming\Malwarebytes
2008-10-30 08:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 08:42 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-29 21:03 --------- d-----w C:\Program Files\Trend Micro
2008-10-27 16:43 --------- d-----w C:\Users\Bára\AppData\Roaming\Azureus
2008-10-23 10:24 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-22 15:10 38,496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-10-21 13:52 --------- d-----w C:\Program Files\ESET
2008-10-21 13:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-21 13:31 --------- d-----w C:\ProgramData\Symantec
2008-10-20 21:01 --------- d---a-w C:\ProgramData\TEMP
2008-10-20 19:55 --------- d-----w C:\ProgramData\ESET
2008-10-19 16:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-10-19 13:52 --------- d-----w C:\Users\Bára\AppData\Roaming\MyPhoneExplorer
2008-10-15 16:45 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 14:03 --------- d-----w C:\Program Files\Microsoft Works
2008-10-12 14:03 --------- d-----w C:\Program Files\Common Files\Skype
2008-10-07 18:15 --------- d-----w C:\Program Files\Java
2008-10-07 18:13 --------- d-----w C:\Program Files\Common Files\Java
2008-10-04 18:40 --------- d-----w C:\Program Files\MSBuild
2008-10-04 18:34 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-10-04 11:04 --------- d-----w C:\Program Files\Microsoft Visual Studio 8(124)
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Journal
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Defender
2008-10-02 08:25 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-02 08:23 --------- d-----w C:\Program Files\Windows Calendar
2008-10-02 03:49 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-10-01 21:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-10-01 21:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-10-01 18:39 --------- d-----w C:\ProgramData\HP
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w C:\Windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w C:\Windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-09-15 20:53 --------- d-----w C:\Users\Bára\AppData\Roaming\Microsoft Games
2008-09-15 17:24 --------- d-----w C:\Program Files\Microsoft Games
2008-09-15 17:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:07 --------- d-----w C:\ProgramData\Microsoft Games
2008-09-14 23:05 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-09-14 22:52 --------- d--h--r C:\Users\Bára\AppData\Roaming\SecuROM
2008-09-13 23:24 --------- d-----w C:\Users\Bára\AppData\Roaming\WinBatch
2008-08-12 03:39 443,392 ----a-w C:\Windows\System32\win32spl.dll
2008-08-05 09:49 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-08-05 09:49 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-29 14:05 1,296,896 ----a-w C:\Windows\System32\SPort.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 21:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 19:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-14 20:38 491,520 ----a-w C:\Windows\WebIE.dll
2008-07-14 20:38 45,056 ----a-w C:\Windows\TRNOEH.DLL
2008-07-14 20:38 356,352 ----a-w C:\Windows\TrnOutl.dll
2008-07-14 20:38 294,912 ----a-w C:\Windows\TrnWord.dll
2008-07-14 20:36 516,096 ----a-w C:\Windows\UN32.EXE
2008-07-13 20:19 9,847,296 ----a-w C:\Windows\System32\NlsData000a.dll
2008-07-13 20:16 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-13 20:16 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-13 20:16 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-13 20:16 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-13 20:16 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-13 20:16 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-13 20:16 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-13 20:16 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-13 20:16 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-13 20:16 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-13 20:15 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-13 20:14 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-13 20:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_17.11.38.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-30 15:58:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-30 16:47:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-30 15:58:41 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-30 16:47:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-30 16:00:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-30 16:48:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-30 15:59:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-30 16:48:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-30 16:48:08 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-30 16:05:37 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-30 16:59:11 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-10-30 16:04:58 119,090 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-30 16:53:07 119,090 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-30 16:04:58 634,204 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-30 16:53:07 634,204 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-30 16:00:49 13,124 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2157242134-1255572189-1706231899-1003_UserData.bin
+ 2008-10-30 16:49:09 13,132 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2157242134-1255572189-1706231899-1003_UserData.bin
- 2008-10-30 16:00:48 80,292 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-30 16:49:09 80,292 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-30 16:00:41 62,036 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-30 16:49:02 62,036 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [BU]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]
"Acer Tour Reminder"="" [BU]
"OEXPRESS"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 94208]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-26 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [BU]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 35328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" [BU]
"eRecoveryService"="" [BU]
"Device Detector"="DevDetect.exe" [BU]
"Skytel"="Skytel.exe" [2007-05-29 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9776F41E-EEB2-4B4F-B6B0-49E9786345AF}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{1ACC930A-3AA3-48E7-9477-283BEB1E43C5}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{83B979D5-4EB4-4027-8823-134C8C8399C3}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{48F75EDB-CD1E-4659-BC2F-6BB6CC29304F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0FE4715E-2412-4F56-8F94-0F52A16A8EDC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6E38110-4509-421F-93C6-AB7684B50266}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DA19CD97-D575-4FCC-A72F-EB490BFAEEC1}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{0C34ADAD-388C-4BED-B3F0-5F2DDF1505EF}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{C0471328-4792-4CE1-BF8F-4BDB2A94B7D6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{27281FC0-796D-4160-8E6F-C2252422B080}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C309CE57-950B-4431-A09F-E2255A5988CE}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9222FD0B-FD98-4655-A6FB-A0DE7637C3BA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B3A8CFF-79B1-44FE-89CF-437FBA556F59}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{058F8A72-2439-4EA8-AFB8-B48CC7304775}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{054E063A-D450-429C-946E-1BC3F99A41EA}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-26 20776]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-26 16680]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-26 60712]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
.
Obsah adresáře 'Naplánované úlohy'

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{6E0A6DFF-F317-4319-AC6E-69AFC47A7A2F}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 08:33]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 18:03:38
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-30 18:06:00
ComboFix-quarantined-files.txt 2008-10-30 17:05:48
ComboFix2.txt 2008-10-30 16:12:55
ComboFix3.txt 2008-10-30 12:20:05

Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: Volných bajtů: 68,082,855,936


jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please help, RunDLL error

Post by jaro3 » 30 Oct 2008 18:38

ComboFix is uninstalled like this:
Start > Run and type ComboFix[space]/u

Fix in HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJApPGv.dll,#1
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\BRA~1\AppData\Local\Temp\satyxkqm.dll",b
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O13 - Gopher Prefix:

Clean the system with CCleaner
viewtopic.php?t=5130
and also use T-Cleaner
http://www.sweb.cz/Marinus/T-Cleaner.exe
It deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc.; download it, then run it.

Then post a new HJT log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Please help, RunDLL error

Post by barunka » 30 Oct 2008 18:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:03, on 29.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\BRA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\mlJApPGv.dll,#1
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Microsoft IT Update] COPYOF~3.EXE
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\BRA~1\AppData\Local\Temp\byXOiFvS.dll,c
O4 - HKCU\..\Run: [2aa81b5c] rundll32.exe "C:\Users\BRA~1\AppData\Local\Temp\satyxkqm.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11088 bytes

Re: Please help, RunDLL error

Post by jaro3 » 30 Oct 2008 19:07

Was that fix in HJT carried out? Everything is still there..

Re: Please help, RunDLL error

Post by barunka » 30 Oct 2008 19:08

And in HJT, should I use Fix Checked on those green files you sent me?

Re: Please help, RunDLL error

Post by jaro3 » 30 Oct 2008 19:10

You have to start HJT and choose just "scan only", tick everything I posted here and click Fix checked; the guide is here:
viewtopic.php?f=70&t=5119

Re: Please help, RunDLL error

Post by barunka » 30 Oct 2008 19:18

But not all of the ones you posted here are in there...
I found only 3...

Re: Please help, RunDLL error

Post by jaro3 » 30 Oct 2008 19:23

Then fix the ones that are there. Close HJT, then start it again and post a new log.
When you work with HJT, you should have all other applications and browsers closed!