MS Removal Tool, neda sa pracovat s ntb

[evolution]

cauko, kamaratke sa dostal na pc tento program/akoze antivirus, po skenovani ukazuje fiktivne virusy a chyby systemu.. a samozrejme treba zaplatit licenciu pre dalsiu pracu s programom, proste neda sa to vypnut, nefunguje spravca uloh, instalacia programov, windows update.. kebyze je to pc vyberem hdd a napojim ho na moj comp

[memphisto]

V jejím PC najeď do nouzového režimu a udělej ...

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[evolution]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6246

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

02/04/2011 15:11:52
mbam-log-2011-04-02 (15-11-41).txt

Typ kontroly: Rychlý test
Testované objekty: 173776
Uplynulý èas: 1 minut, 45 sekund

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe v registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hEp24512nInJj24512 (Trojan.Agent.Gen) -> Value: hEp24512nInJj24512 -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
c:\programdata\hep24512ninjj24512\hep24512ninjj24512.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Silvi\downloads\bestantivirus2011(2).exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Silvi\downloads\bestantivirus2011(3).exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Silvi\downloads\bestantivirus2011(4).exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Silvi\downloads\bestantivirus2011.exe (Trojan.Agent.Gen) -> No action taken.

[Žbeky]

Vyřiď kamarádce, že nemá klikat na všechno, co se jí zobrazí

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[evolution]

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6246

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

02/04/2011 15:27:57
mbam-log-2011-04-02 (15-27-57).txt

Scan type: Quick scan
Objects scanned: 173754
Time elapsed: 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hEp24512nInJj24512 (Trojan.Agent.Gen) -> Value: hEp24512nInJj24512 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\hep24512ninjj24512\hep24512ninjj24512.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Silvi\downloads\bestantivirus2011(2).exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Silvi\downloads\bestantivirus2011(3).exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Silvi\downloads\bestantivirus2011(4).exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Silvi\downloads\bestantivirus2011.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---

ComboFix 11-04-01.01 - Silvi 02/04/2011 16:08:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2013.932 [GMT 1:00]
Running from: C:\Users\Silvi\Downloads\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\FullRemove.exe
C:\Windows\system32\service


((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))


2011-04-02 15:13:58 . 2011-04-02 15:13:58 -------- d-----w- C:\Users\TEMP\AppData\Local\temp
2011-04-02 15:13:58 . 2011-04-02 15:13:58 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-04-02 14:07:45 . 2011-04-02 14:07:45 -------- d-----w- C:\Users\Silvi\AppData\Roaming\Malwarebytes
2011-04-02 14:07:40 . 2010-12-20 17:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 14:07:39 . 2011-04-02 14:07:39 -------- d-----w- C:\ProgramData\Malwarebytes
2011-04-02 14:07:36 . 2011-04-02 14:07:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-02 14:07:36 . 2010-12-20 17:08:40 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-03-31 20:26:50 . 2011-04-02 14:27:57 -------- d-----w- C:\ProgramData\hEp24512nInJj24512
2011-03-10 16:21:41 . 2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\system32\sbe.dll
2011-03-10 16:21:41 . 2010-12-23 06:07:49 961024 ----a-w- C:\Windows\system32\CPFilters.dll
2011-03-10 16:21:41 . 2010-12-23 06:07:49 723968 ----a-w- C:\Windows\system32\EncDec.dll
2011-03-10 16:21:41 . 2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-10 16:21:41 . 2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 16:21:40 . 2010-12-23 06:02:33 259072 ----a-w- C:\Windows\system32\mpg2splt.ax
2011-03-10 16:21:40 . 2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 16:21:40 . 2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 16:21:39 . 2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\system32\mstscax.dll
2011-03-10 16:21:38 . 2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\system32\mstsc.exe
2011-03-10 16:21:38 . 2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 16:21:38 . 2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-13 19:39:58 . 2011-02-13 19:18:36 867064 ----a-w- C:\Windows\system32\drivers\sptd.sys
2011-01-07 08:06:50 . 2011-02-12 23:35:52 46080 ----a-w- C:\Windows\system32\atmlib.dll
2011-01-07 07:27:11 . 2011-02-12 23:35:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 . 2011-02-12 23:35:52 366080 ----a-w- C:\Windows\system32\atmfd.dll
2011-01-07 05:33:11 . 2011-02-12 23:35:52 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 . 2011-02-12 23:36:22 612352 ----a-w- C:\Windows\system32\vbscript.dll
2011-01-05 05:37:33 . 2011-02-12 23:36:22 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 . 2011-02-12 23:37:50 3127808 ----a-w- C:\Windows\system32\win32k.sys
2009-04-08 17:31:56 . 2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 . 2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08:18 143360 ----a-w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:39:41 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 05:16:16 222504]
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 05:16:16 222504]
"Boingo Wi-Fi"="C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-10 04:19:31 2429]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 07:40:21 2245120]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 16:58:46 6859392]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 03:31:48 170624]
"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 17:08:46 963976]

C:\Users\Silvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe [2011-2-22 275736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-7-10 12862]
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-7-10 156952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:19:12 135664]
R3 ipswuio;ipswuio;C:\Windows\system32\DRIVERS\ipswuio.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 10:41:00 51456888]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 21:20:56 174440]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 21:34:24 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 18:11:32 14904]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys [x]


Contents of the 'Scheduled Tasks' folder

2011-04-02 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:19:14 . 2010-07-10 04:19:12]

2011-04-02 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:19:14 . 2010-07-10 04:19:12]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52:58 159744 ----a-w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" [2009-09-30 03:55:25 621440]
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 01:48:34 1754448]
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 07:10:27 323584]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-26 03:45:04 161304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-08-26 03:44:54 386584]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-08-26 03:45:00 415256]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 14:54:26 112512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uStart Page = hxxp://asus.msn.com
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - C:\Users\Silvi\AppData\Roaming\Mozilla\Firefox\Profiles\7hiybbh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/default.aspx
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - C:\Windows\system32\ASUS_Screensaver.scr

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
C:\ProgramData\hEp24512nInJj24512

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-

File::
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[evolution]

ComboFix 11-04-01.01 - Silvi 02/04/2011 16:50:02.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2013.1006 [GMT 1:00]
Running from: C:\Users\Silvi\Desktop\ComboFix.exe
Command switches used :: C:\Users\Silvi\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job"
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\hEp24512nInJj24512
C:\ProgramData\hEp24512nInJj24512\hEp24512nInJj24512
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

---- Previous Run -------

C:\ProgramData\FullRemove.exe
C:\Windows\system32\service


((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))


2011-04-02 14:07:45 . 2011-04-02 14:07:45 -------- d-----w- C:\Users\Silvi\AppData\Roaming\Malwarebytes
2011-04-02 14:07:40 . 2010-12-20 17:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 14:07:39 . 2011-04-02 14:07:39 -------- d-----w- C:\ProgramData\Malwarebytes
2011-04-02 14:07:36 . 2011-04-02 14:07:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-02 14:07:36 . 2010-12-20 17:08:40 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-03-10 16:21:41 . 2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\system32\sbe.dll
2011-03-10 16:21:41 . 2010-12-23 06:07:49 961024 ----a-w- C:\Windows\system32\CPFilters.dll
2011-03-10 16:21:41 . 2010-12-23 06:07:49 723968 ----a-w- C:\Windows\system32\EncDec.dll
2011-03-10 16:21:41 . 2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-10 16:21:41 . 2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 16:21:40 . 2010-12-23 06:02:33 259072 ----a-w- C:\Windows\system32\mpg2splt.ax
2011-03-10 16:21:40 . 2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 16:21:40 . 2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 16:21:39 . 2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\system32\mstscax.dll
2011-03-10 16:21:38 . 2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\system32\mstsc.exe
2011-03-10 16:21:38 . 2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 16:21:38 . 2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-02-13 19:39:58 . 2011-02-13 19:18:36 867064 ----a-w- C:\Windows\system32\drivers\sptd.sys
2011-01-07 08:06:50 . 2011-02-12 23:35:52 46080 ----a-w- C:\Windows\system32\atmlib.dll
2011-01-07 07:27:11 . 2011-02-12 23:35:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 . 2011-02-12 23:35:52 366080 ----a-w- C:\Windows\system32\atmfd.dll
2011-01-07 05:33:11 . 2011-02-12 23:35:52 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 . 2011-02-12 23:36:22 612352 ----a-w- C:\Windows\system32\vbscript.dll
2011-01-05 05:37:33 . 2011-02-12 23:36:22 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 . 2011-02-12 23:37:50 3127808 ----a-w- C:\Windows\system32\win32k.sys
2009-04-08 17:31:56 . 2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 . 2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll


((((((((((((((((((((((((((((( SnapShot@2011-04-02_15.14.06 )))))))))))))))))))))))))))))))))))))))))

+ 2009-07-14 04:54:17 . 2011-04-02 15:55:21 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2011-04-02 15:05:03 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54:17 . 2011-04-02 15:05:03 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54:17 . 2011-04-02 15:55:21 32768 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:17 . 2011-04-02 15:05:03 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:17 . 2011-04-02 15:55:21 16384 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-10 02:07:53 . 2011-04-02 15:55:37 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-10 02:07:53 . 2011-04-02 15:05:13 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-10 02:07:53 . 2011-04-02 15:55:37 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-10 02:07:53 . 2011-04-02 15:05:13 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54:19 . 2011-04-02 15:05:13 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54:19 . 2011-04-02 15:55:37 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-09 11:31:59 . 2011-04-02 15:56:20 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-09 11:31:59 . 2011-04-02 15:05:42 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-09 11:31:59 . 2011-04-02 15:05:42 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-09 11:31:59 . 2011-04-02 15:56:20 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-09 11:31:59 . 2011-04-02 15:05:42 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-09 11:31:59 . 2011-04-02 15:56:20 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-09 19:17:50 . 2011-04-02 15:05:44 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-09 19:17:50 . 2011-04-02 15:56:22 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-09 19:17:50 . 2011-04-02 15:05:44 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-09 19:17:50 . 2011-04-02 15:56:22 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-02 15:55:14 . 2011-04-02 15:55:14 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-02 15:05:00 . 2011-04-02 15:05:00 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-02 15:05:00 . 2011-04-02 15:05:00 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-02 15:55:14 . 2011-04-02 15:55:14 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-13 09:44:09 . 2011-04-02 15:44:15 215104 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:12:52 . 2011-04-02 15:05:13 262144 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12:52 . 2011-04-02 15:55:37 262144 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:34:08 . 2011-04-02 15:18:11 10223616 C:\Windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34:08 . 2011-04-02 13:25:19 10223616 C:\Windows\system32\SMI\Store\Machine\schema.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08:18 143360 ----a-w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:39:41 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 05:16:16 222504]
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 05:16:16 222504]
"Boingo Wi-Fi"="C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-07-10 04:19:31 2429]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 07:40:21 2245120]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 16:58:46 6859392]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 03:31:48 170624]
"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 17:08:46 963976]

C:\Users\Silvi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe [2011-2-22 275736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-7-10 12862]
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-7-10 156952]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:19:12 135664]
R3 ipswuio;ipswuio;C:\Windows\system32\DRIVERS\ipswuio.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 10:41:00 51456888]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 21:20:56 174440]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 21:34:24 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 18:11:32 14904]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys [x]



--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52:58 159744 ----a-w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" [2009-09-30 03:55:25 621440]
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 01:48:34 1754448]
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 07:10:27 323584]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-26 03:45:04 161304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-08-26 03:44:54 386584]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2010-08-26 03:45:00 415256]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 14:54:26 112512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uStart Page = hxxp://asus.msn.com
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - C:\Users\Silvi\AppData\Roaming\Mozilla\Firefox\Profiles\7hiybbh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sympatico.ca/default.aspx
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


Jak se chová PC?

[evolution]

zatial ide ok, buduci tyzden si kupuje antivir tak uvidime

[memphisto]

Dej sem ještě log z programu HijackThis. Návod mám v podpise. Dočistíme a uvidíme. Vypadá to už ale ok
Proč kupovat? Vždyť i free varianty jsou dobré

[evolution]

jj tak uz ma norton nainstalovany..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:01, on 06/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Silvi\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Silvi\Desktop\PartyPoker.lnk
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9601 bytes

[Žbeky]

Odinstaluj Google toolbar

V HJT fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

Pokud s Pc nejsou problémy, je to z naší strany vše a můžeš dát vyřešeno