Prosím o preventivku Vyřešeno

[krtecek36]

Logfile of HijackThis v1.99.1
Scan saved at 20:45:28, on 5.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\PC\HijackThis.exe
C:\DOCUME~1\DANULA~1\LOCALS~1\Temp\mexetmp.ex~

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoRun OSCleaner.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[krtecek36]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5465

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.1.2011 21:31:13
mbam-log-2011-01-05 (21-31-13).txt

Typ kontroly: Rychlý test
Testované objekty: 130256
Uplynulý čas: 1 minut, 49 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[krtecek36]

ComboFix 11-01-05.01 - Danula Krátká 05.01.2011 22:19:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.496 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danula Krátká\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\DANULA~1\LOCALS~1\Temp\6EB7C348-39ED05A8-698D1FA0-6E42C088\8d06fd.exe
c:\docume~1\DANULA~1\LOCALS~1\Temp\6EB7C348-39ED05A8-698D1FA0-6E42C088\b9f60_xp.exe
c:\docume~1\DANULA~1\LOCALS~1\Temp\6EB7C348-39ED05A8-698D1FA0-6E42C088\setup.dll
c:\documents and settings\Danula Krátká\Local Settings\Temp\6EB7C348-39ED05A8-698D1FA0-6E42C088\8d06fd.exe
c:\documents and settings\Danula Krátká\Local Settings\Temp\6EB7C348-39ED05A8-698D1FA0-6E42C088\b9f60_xp.exe
c:\documents and settings\Danula Krátká\Local Settings\Temp\6EB7C348-39ED05A8-698D1FA0-6E42C088\setup.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-05 do 2011-01-05 )))))))))))))))))))))))))))))))
.

2030-10-03 09:25 . 2030-10-03 09:25 -------- d-----w- c:\program files\Sun
2030-10-03 09:25 . 2007-09-24 21:31 69632 ----a-w- c:\windows\system32\javacpl.cpl
2030-10-03 09:24 . 2030-10-03 09:25 -------- d-----w- c:\program files\Java
2030-10-03 09:23 . 2030-10-03 09:23 -------- d-----w- c:\program files\Common Files\Java
2030-10-03 09:19 . 2030-10-03 09:19 -------- d-----w- c:\program files\Eee Storage
2030-10-03 09:18 . 2030-10-03 09:18 -------- d-----w- c:\program files\Atheros
2030-10-03 09:18 . 2008-09-18 17:44 1326528 ----a-w- c:\windows\system32\drivers\athw.sys
2030-10-03 09:18 . 2008-09-18 17:44 1326528 ----a-w- c:\windows\system32\athw.sys
2030-10-03 09:18 . 2030-10-03 09:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Atheros
2030-10-03 09:12 . 2030-10-03 09:12 -------- d-----w- c:\program files\Elantech
2030-10-03 09:09 . 2010-08-15 15:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2030-10-03 09:09 . 2008-07-02 07:48 37 ----a-w- c:\windows\AUTO.BAT
2030-10-03 09:09 . 2008-02-19 09:42 256 ----a-w- c:\windows\RUN.REG
2030-10-03 09:09 . 2008-01-24 14:17 124 ----a-w- c:\windows\HW.VBS
2030-10-03 09:09 . 2007-12-14 23:00 49152 ----a-w- c:\windows\INSTALLEEE.EXE
2030-10-03 09:09 . 2007-06-13 14:39 1162 ----a-w- c:\windows\sr.VBS
2030-10-03 09:08 . 2002-11-22 00:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2030-10-03 09:08 . 2002-11-22 00:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2030-10-03 09:08 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2030-10-03 09:08 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2030-10-03 09:08 . 2002-11-22 00:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2030-10-03 09:08 . 2002-11-22 00:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2030-10-03 09:08 . 2030-10-03 09:08 -------- d-----w- c:\program files\InterVideo
2030-10-03 09:08 . 2030-10-03 09:08 -------- d-----w- c:\program files\Common Files\InterVideo
2030-10-03 09:08 . 2008-05-07 08:34 15523560 ----a-w- c:\program files\U1 Setup.exe
2030-10-03 09:07 . 2030-10-03 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WLInstaller
2030-10-03 09:06 . 2010-08-15 17:16 -------- d-----w- c:\program files\Microsoft Works
2030-10-03 09:05 . 2030-10-03 09:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2030-10-03 09:04 . 2009-08-06 17:24 22232 ----a-w- c:\windows\system32\wucltui.dll.mui
2030-10-03 09:04 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2030-10-03 09:04 . 2009-08-06 17:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2030-10-03 09:04 . 2009-08-06 17:24 18136 ----a-w- c:\windows\system32\wuaueng.dll.mui
2030-10-03 09:04 . 2009-08-06 17:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2030-10-03 09:03 . 2030-10-03 09:04 -------- d-----w- c:\program files\ASUS
2030-10-03 09:03 . 2008-08-19 14:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2030-10-03 09:03 . 2008-08-19 14:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2030-10-03 09:03 . 2008-07-24 09:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2030-10-03 09:03 . 2008-06-11 06:14 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2030-10-03 09:03 . 2008-05-30 03:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2030-10-03 09:03 . 2008-02-04 09:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2030-10-03 09:03 . 2008-02-04 09:57 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2030-10-03 09:03 . 2007-09-20 03:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2030-10-03 09:03 . 2030-10-03 09:03 -------- d-----w- c:\program files\WIDCOMM
2030-10-03 09:02 . 2030-10-03 09:02 -------- d-----w- c:\program files\RALINK
2030-10-03 09:02 . 2030-10-03 09:02 -------- d-----w- c:\program files\EeePC
2030-10-03 09:02 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2030-10-03 09:02 . 2010-09-22 18:30 -------- d-----w- c:\windows\system32\Atheros_L1e
2030-10-03 08:59 . 2030-10-03 09:04 -------- d-----w- c:\program files\Common Files\InstallShield
2030-10-03 08:57 . 2008-06-14 17:35 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2030-10-03 08:57 . 2008-06-14 17:35 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2030-10-03 08:51 . 2030-10-03 08:51 -------- d-----w- c:\windows\system32\URTTemp
2030-10-03 08:49 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2030-10-03 08:49 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2030-10-03 08:49 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2030-10-03 08:49 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-05 20:34 . 2011-01-05 20:34 -------- d-----w- c:\documents and settings\Danula Krátká\DoctorWeb
2010-12-13 14:58 . 2010-12-16 16:38 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-13 14:51 . 2010-12-13 14:51 -------- d-----w- c:\documents and settings\Danula Krátká\Data aplikací\Malwarebytes
2010-12-13 14:51 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 14:51 . 2010-12-13 14:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-13 14:51 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 14:51 . 2011-01-05 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-12 19:18 . 2010-12-12 19:18 -------- d-----w- c:\documents and settings\Danula Krátká\Data aplikací\SUPERAntiSpyware.com
2010-12-12 19:18 . 2010-12-12 19:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-12 19:01 . 2010-12-12 19:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 08:18 . 2010-09-22 19:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-18 18:15 . 2008-09-09 11:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:23 . 2008-05-07 21:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-07 21:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-07 21:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-05-07 21:57 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 18:36 . 2010-08-16 18:47 359016 ----a-w- c:\windows\vncutil.exe
2010-11-02 18:36 . 2010-08-16 18:47 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-11-02 18:36 . 2010-08-16 18:47 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-11-02 15:17 . 2008-05-07 21:57 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 17:45 . 2010-11-01 17:43 5856076 ----a-w- c:\windows\REGBK04.ZIP
2010-10-28 13:09 . 2008-05-07 21:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-05-07 21:58 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2030-10-3 118784]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2030-10-3 311296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26.2.2010 5:41 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [13.12.2010 15:58 2953808]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.2.2010 5:41 810120]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [22.9.2010 20:19 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2010 15:51 363344]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [23.8.2010 17:18 90112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2010 15:51 20952]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.8.2010 17:11 27632]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [13.12.2010 15:58 72808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2030 10:00 1691480]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23.8.2010 17:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [23.8.2010 17:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [23.8.2010 17:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [23.8.2010 17:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [23.8.2010 17:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [23.8.2010 17:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [23.8.2010 17:09 115752]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Danula Krátká\Data aplikací\Mozilla\Firefox\Profiles\81i0ucq1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.4&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-05 22:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-01-05 22:34:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-05 21:34

Před spuštěním: 6 016 040 960
Po spuštění: 5 946 454 016

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 99D0D1CC34A6145366AB4D76D05CA2AD

[memphisto]

Odinstaluj Emsisoft Anti-Malware. ESET má svůj antispyware štít, tak všechny ostatní odinstaluj nebo zakaž.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\REGBK04.ZIP

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\documents and settings\Danula Krátká\Data aplikací\Mozilla\Firefox\Profiles\81i0ucq1.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.4&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\AUTO.BAT
c:\windows\RUN.REG
c:\windows\HW.VBS
c:\windows\INSTALLEEE.EXE
c:\windows\sr.VBS

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[havran31]

ComboFix 11-01-05.01 - Danula Krátká 06.01.2011 3:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.607 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danula Krátká\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Danula Krátká\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\REGBK04.ZIP"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.

2030-10-03 09:25 . 2030-10-03 09:25 -------- d-----w- c:\program files\Sun
2030-10-03 09:25 . 2007-09-24 21:31 69632 ----a-w- c:\windows\system32\javacpl.cpl
2030-10-03 09:24 . 2030-10-03 09:25 -------- d-----w- c:\program files\Java
2030-10-03 09:23 . 2030-10-03 09:23 -------- d-----w- c:\program files\Common Files\Java
2030-10-03 09:19 . 2030-10-03 09:19 -------- d-----w- c:\program files\Eee Storage
2030-10-03 09:18 . 2030-10-03 09:18 -------- d-----w- c:\program files\Atheros
2030-10-03 09:18 . 2008-09-18 17:44 1326528 ----a-w- c:\windows\system32\drivers\athw.sys
2030-10-03 09:18 . 2008-09-18 17:44 1326528 ----a-w- c:\windows\system32\athw.sys
2030-10-03 09:18 . 2030-10-03 09:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Atheros
2030-10-03 09:12 . 2030-10-03 09:12 -------- d-----w- c:\program files\Elantech
2030-10-03 09:09 . 2010-08-15 15:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Skype
2030-10-03 09:09 . 2008-07-02 07:48 37 ----a-w- c:\windows\AUTO.BAT
2030-10-03 09:09 . 2008-02-19 09:42 256 ----a-w- c:\windows\RUN.REG
2030-10-03 09:09 . 2008-01-24 14:17 124 ----a-w- c:\windows\HW.VBS
2030-10-03 09:09 . 2007-12-14 23:00 49152 ----a-w- c:\windows\INSTALLEEE.EXE
2030-10-03 09:09 . 2007-06-13 14:39 1162 ----a-w- c:\windows\sr.VBS
2030-10-03 09:08 . 2002-11-22 00:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2030-10-03 09:08 . 2002-11-22 00:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2030-10-03 09:08 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2030-10-03 09:08 . 2002-11-22 00:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2030-10-03 09:08 . 2002-11-22 00:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2030-10-03 09:08 . 2002-11-22 00:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2030-10-03 09:08 . 2030-10-03 09:08 -------- d-----w- c:\program files\InterVideo
2030-10-03 09:08 . 2030-10-03 09:08 -------- d-----w- c:\program files\Common Files\InterVideo
2030-10-03 09:08 . 2008-05-07 08:34 15523560 ----a-w- c:\program files\U1 Setup.exe
2030-10-03 09:07 . 2030-10-03 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\WLInstaller
2030-10-03 09:06 . 2010-08-15 17:16 -------- d-----w- c:\program files\Microsoft Works
2030-10-03 09:05 . 2030-10-03 09:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2030-10-03 09:04 . 2009-08-06 17:24 22232 ----a-w- c:\windows\system32\wucltui.dll.mui
2030-10-03 09:04 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2030-10-03 09:04 . 2009-08-06 17:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2030-10-03 09:04 . 2009-08-06 17:24 18136 ----a-w- c:\windows\system32\wuaueng.dll.mui
2030-10-03 09:04 . 2009-08-06 17:24 15072 ----a-w- c:\windows\system32\wuapi.dll.mui
2030-10-03 09:03 . 2030-10-03 09:04 -------- d-----w- c:\program files\ASUS
2030-10-03 09:03 . 2008-08-19 14:16 991656 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2030-10-03 09:03 . 2008-08-19 14:16 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2030-10-03 09:03 . 2008-07-24 09:37 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2030-10-03 09:03 . 2008-06-11 06:14 89896 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2030-10-03 09:03 . 2008-05-30 03:46 534568 ----a-w- c:\windows\system32\drivers\btaudio.sys
2030-10-03 09:03 . 2008-02-04 09:57 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2030-10-03 09:03 . 2008-02-04 09:57 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2030-10-03 09:03 . 2007-09-20 03:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2030-10-03 09:03 . 2030-10-03 09:03 -------- d-----w- c:\program files\WIDCOMM
2030-10-03 09:02 . 2030-10-03 09:02 -------- d-----w- c:\program files\RALINK
2030-10-03 09:02 . 2030-10-03 09:02 -------- d-----w- c:\program files\EeePC
2030-10-03 09:02 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2030-10-03 09:02 . 2010-09-22 18:30 -------- d-----w- c:\windows\system32\Atheros_L1e
2030-10-03 08:59 . 2030-10-03 09:04 -------- d-----w- c:\program files\Common Files\InstallShield
2030-10-03 08:57 . 2008-06-14 17:35 272128 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2030-10-03 08:57 . 2008-06-14 17:35 272128 ----a-w- c:\windows\system32\drivers\bthport.sys
2030-10-03 08:51 . 2030-10-03 08:51 -------- d-----w- c:\windows\system32\URTTemp
2030-10-03 08:49 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2030-10-03 08:49 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2030-10-03 08:49 . 2008-04-13 22:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2030-10-03 08:49 . 2008-04-13 22:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-01-05 20:34 . 2011-01-05 20:34 -------- d-----w- c:\documents and settings\Danula Krátká\DoctorWeb
2010-12-13 14:51 . 2010-12-13 14:51 -------- d-----w- c:\documents and settings\Danula Krátká\Data aplikací\Malwarebytes
2010-12-13 14:51 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 14:51 . 2010-12-13 14:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-13 14:51 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 14:51 . 2011-01-05 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-12 19:18 . 2010-12-12 19:18 -------- d-----w- c:\documents and settings\Danula Krátká\Data aplikací\SUPERAntiSpyware.com
2010-12-12 19:18 . 2010-12-12 19:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-12 19:01 . 2010-12-12 19:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 08:18 . 2010-09-22 19:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-18 18:15 . 2008-09-09 11:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:23 . 2008-05-07 21:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2008-05-07 21:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2008-05-07 21:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-05-07 21:57 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 18:36 . 2010-08-16 18:47 359016 ----a-w- c:\windows\vncutil.exe
2010-11-02 18:36 . 2010-08-16 18:47 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-11-02 18:36 . 2010-08-16 18:47 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-11-02 15:17 . 2008-05-07 21:57 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 17:45 . 2010-11-01 17:43 5856076 ----a-w- c:\windows\REGBK04.ZIP
2010-10-28 13:09 . 2008-05-07 21:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2008-05-07 21:58 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2011-01-05_21.28.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 21:58 . 2011-01-05 21:34 53942 c:\windows\system32\perfc009.dat
- 2008-05-07 21:58 . 2011-01-05 21:11 53942 c:\windows\system32\perfc009.dat
+ 2008-05-07 21:59 . 2011-01-05 21:34 63526 c:\windows\system32\perfc005.dat
- 2008-05-07 21:59 . 2011-01-05 21:11 63526 c:\windows\system32\perfc005.dat
+ 2008-05-07 21:58 . 2011-01-05 21:34 383588 c:\windows\system32\perfh009.dat
- 2008-05-07 21:58 . 2011-01-05 21:11 383588 c:\windows\system32\perfh009.dat
+ 2008-05-07 21:59 . 2011-01-05 21:34 383060 c:\windows\system32\perfh005.dat
- 2008-05-07 21:59 . 2011-01-05 21:11 383060 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2030-10-3 118784]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2030-10-3 311296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26.2.2010 5:41 114984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.2.2010 5:41 810120]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [22.9.2010 20:19 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2010 15:51 363344]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [23.8.2010 17:18 90112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2010 15:51 20952]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.8.2010 17:11 27632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2030 10:00 1691480]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23.8.2010 17:08 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [23.8.2010 17:09 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [23.8.2010 17:09 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [23.8.2010 17:09 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [23.8.2010 17:09 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [23.8.2010 17:09 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [23.8.2010 17:09 115752]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\Danula Krátká\Data aplikací\Mozilla\Firefox\Profiles\81i0ucq1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 03:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Celkový čas: 2011-01-06 03:16:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-06 02:16
ComboFix2.txt 2011-01-05 21:34

Před spuštěním: 6 035 632 128
Po spuštění: 6 021 214 208

- - End Of File - - 8CCFF0EC6D2E93FBC62B0BA62928706D

[havran31]

Soubory jsou čisté.
c:\windows\INSTALLEEE.EXE nejde otestovat, objeví se -

Bad Gateway

The proxy server received an invalid response from an upstream serve

[havran31]

Tak uz to slo - taky cisty.

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+ HJT novější verze ale.Máš starou

Jak se chová PC?

[krtecek36]

Odinstalováno, promazáno, posílám log.
PC se chová vypadá normálně.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:46:13, on 6.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Danula Krátká\Dokumenty\Stažené soubory\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoRun OSCleaner.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9270 bytes

[memphisto]

FIxni:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab


Pokud nejsou problémy, dej vyřešeno (zelená fajka)