prosím o kontrolu

[Milda86]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Milda at 2012-01-08 16:04:57
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 17 GB (22%) free of 76 GB
Total RAM: 2037 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:05:16, on 8.1.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mbrmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Milda\Desktop\Programy\RSIT.exe
C:\Program Files\trend micro\Milda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {70e20594-23f6-4311-b17a-8fa050be27fc} - C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mSrcAs.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Search Assistant BHO - {c4d280aa-92de-425e-b1ac-34367b5a8203} - C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mSrcAs.dll
O2 - BHO: Toolbar BHO - {cf98c0c1-d033-482e-a9d0-eaa04d3ad595} - C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbar.dll
O3 - Toolbar: ChristmasHolidayLaughs - {31063c67-aa37-4949-a652-66368f707bb3} - C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ChristmasHolidayLaughs Search Scope Monitor] "C:\PROGRA~1\CHRIST~2\bar\1.bin\4msrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [ChristmasHolidayLaughs_4m Browser Plugin Loader] C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbrmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ChristmasHolidayLaughsService (ChristmasHolidayLaughs_4mService) - COMPANYVERS_NAME - C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbarsvc.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5060 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4d280aa-92de-425e-b1ac-34367b5a8203}]
Search Assistant BHO - C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mSrcAs.dll [2011-12-24 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf98c0c1-d033-482e-a9d0-eaa04d3ad595}]
Toolbar BHO - C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbar.dll [2011-12-24 689552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31063c67-aa37-4949-a652-66368f707bb3} - ChristmasHolidayLaughs - C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mbar.dll [2011-12-24 689552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"NPSStartup"= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"ChristmasHolidayLaughs Search Scope Monitor"=C:\PROGRA~1\CHRIST~2\bar\1.bin\4msrchmn.exe [2011-12-24 38440]
"ChristmasHolidayLaughs_4m Browser Plugin Loader"=C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbrmon.exe [2011-12-24 30096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2012-01-08 15:45:39 ----DC---- C:\rsit
2011-12-24 13:19:42 ----DC---- C:\Program Files\ChristmasHolidayLaughs_4m
2011-12-24 13:18:54 ----DC---- C:\Program Files\ChristmasHolidayLaughs_4mEI
2011-12-19 17:04:47 ----DC---- C:\ProgramData\HPSSUPPLY
2011-12-19 16:58:21 ----DC---- C:\Program Files\Hewlett-Packard
2011-12-19 16:57:37 ----DC---- C:\Program Files\Common Files\HP
2011-12-15 14:57:35 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-12-15 14:57:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-15 09:04:07 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-15 09:04:07 ----A---- C:\Windows\system32\iertutil.dll
2011-12-15 09:04:05 ----A---- C:\Windows\system32\wininet.dll
2011-12-15 09:04:05 ----A---- C:\Windows\system32\url.dll
2011-12-15 09:04:05 ----A---- C:\Windows\system32\ieui.dll
2011-12-15 09:04:04 ----A---- C:\Windows\system32\jscript9.dll
2011-12-15 09:04:04 ----A---- C:\Windows\system32\jscript.dll
2011-12-15 09:04:03 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-15 09:04:01 ----A---- C:\Windows\system32\urlmon.dll
2011-12-15 09:04:00 ----A---- C:\Windows\system32\mshtml.dll
2011-12-15 09:03:59 ----A---- C:\Windows\system32\ieframe.dll
2011-12-14 20:38:19 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 20:38:16 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 20:38:06 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 20:37:56 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2011-12-14 20:37:56 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2011-12-14 20:37:55 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2011-12-14 20:37:55 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2011-12-14 20:37:54 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2011-12-14 20:37:54 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2011-12-14 20:37:54 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2011-12-14 20:37:54 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2011-12-14 20:37:54 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2011-12-14 20:37:53 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2011-12-14 20:37:53 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2011-12-14 20:36:17 ----A---- C:\Windows\system32\tzres.dll
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bwhnt.sys
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bwh.sys
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bmdm.sys
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bmdfl.sys
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bcmnt.sys
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bcm.sys
2011-12-14 20:25:10 ----A---- C:\Windows\system32\drivers\ss_bbus.sys
2011-12-14 20:05:47 ----DC---- C:\ProgramData\Samsung
2011-12-14 20:03:32 ----DC---- C:\Program Files\Common Files\Samsung
2011-12-11 18:30:26 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2011-12-11 18:29:49 ----A---- C:\Windows\system32\FsUsbExService.Exe
2011-12-11 18:29:49 ----A---- C:\Windows\system32\FsUsbExDisk.Sys
2011-12-11 18:29:49 ----A---- C:\Windows\system32\FsUsbExDevice.Dll
2011-12-11 18:29:30 ----DC---- C:\Users\Milda\AppData\Roaming\Samsung
2011-12-11 18:28:07 ----DC---- C:\Program Files\MarkAny
2011-12-11 18:25:50 ----DC---- C:\Program Files\Samsung

======List of files/folders modified in the last 1 months======

2012-01-08 16:05:15 ----DC---- C:\Windows\temp
2012-01-08 16:05:03 ----DC---- C:\Program Files\trend micro
2012-01-08 16:03:37 ----D---- C:\Windows\Prefetch
2012-01-08 13:36:35 ----D---- C:\Windows\Minidump
2012-01-08 13:36:05 ----DC---- C:\Windows
2012-01-08 12:40:09 ----D---- C:\Windows\tracing
2012-01-08 09:34:28 ----D---- C:\Windows\system32\drivers
2012-01-08 09:33:56 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-08 09:32:42 ----DC---- C:\Qoobox
2012-01-07 21:27:23 ----SHD---- C:\System Volume Information
2012-01-06 10:26:25 ----D---- C:\Windows\system32\catroot2
2012-01-03 09:49:11 ----D---- C:\Windows\Microsoft.NET
2012-01-03 09:48:35 ----RSDC---- C:\Windows\assembly
2012-01-03 09:37:50 ----D---- C:\Windows\winsxs
2012-01-03 09:37:36 ----SHD---- C:\Windows\Installer
2012-01-03 09:37:36 ----HDC---- C:\Config.Msi
2012-01-03 09:32:45 ----D---- C:\Windows\System32
2012-01-03 09:32:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-03 09:32:44 ----D---- C:\Windows\inf
2012-01-03 09:08:29 ----D---- C:\Windows\system32\catroot
2011-12-24 13:19:42 ----DC---- C:\Program Files
2011-12-22 12:16:02 ----DC---- C:\Program Files\Mozilla Firefox
2011-12-19 17:04:48 ----DC---- C:\Program Files\HP
2011-12-19 17:04:47 ----DC---- C:\ProgramData
2011-12-19 17:00:39 ----DC---- C:\ProgramData\HP
2011-12-19 16:58:24 ----D---- C:\Windows\twain_32
2011-12-19 16:57:37 ----DC---- C:\Program Files\Common Files
2011-12-19 12:52:49 ----AC---- C:\Windows\win.ini
2011-12-19 09:29:44 ----D---- C:\Windows\Debug
2011-12-19 09:16:10 ----SDC---- C:\Users\Milda\AppData\Roaming\Microsoft
2011-12-19 09:05:57 ----DC---- C:\Program Files\Opera
2011-12-19 09:03:45 ----DC---- C:\Users\Milda\AppData\Roaming\Image Zone Express
2011-12-19 09:03:44 ----DC---- C:\Users\Milda\AppData\Roaming\Printer Info Cache
2011-12-16 13:01:38 ----DC---- C:\Program Files\Common Files\microsoft shared
2011-12-15 09:14:11 ----D---- C:\Windows\system32\migration
2011-12-15 09:14:10 ----DC---- C:\Program Files\Windows Mail
2011-12-15 09:14:10 ----DC---- C:\Program Files\Internet Explorer
2011-12-15 09:13:30 ----D---- C:\Windows\rescache
2011-12-15 09:10:18 ----DC---- C:\ProgramData\Microsoft Help
2011-12-15 09:05:05 ----A---- C:\Windows\system32\mrt.exe
2011-12-15 08:59:32 ----D---- C:\Windows\system32\cs-CZ
2011-12-14 20:48:44 ----HDC---- C:\Program Files\InstallShield Installation Information
2011-12-14 20:06:23 ----DC---- C:\Program Files\PC Connectivity Solution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-01-03 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 b57nd60x;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 179712]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-08-24 18120]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-08-24 36640]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-01-09 47360]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-07-20 30312]
S3 antw6wyu;antw6wyu; C:\Windows\system32\drivers\antw6wyu.sys []
S3 ayvyc31t;ayvyc31t; C:\Windows\system32\drivers\ayvyc31t.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]
S3 catchme;catchme; \??\C:\Users\Milda\AppData\Local\Temp\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2012-01-08 40776]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2010-07-20 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2010-07-20 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2010-07-20 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2010-07-20 98152]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2010-08-24 95568]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-08-24 217088]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 ChristmasHolidayLaughs_4mService;ChristmasHolidayLaughsService; C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbarsvc.exe [2011-12-24 42504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-08-12 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-08-12 103736]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[Mc_Murphy]

Zdravím.

Proč jsi nedokončil poslední prohlídku tohoto počítače s kolegou Roli ?!

[Milda86]

mno vše dle pokynů jsem dokončil, teď nevím co přesně máš na mysli, ale udělal jsem vše, co mi Roli poradil a řekl že mam udělat...

[Mc_Murphy]

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Nějak tam ten log nevidím. Nebo si myslíš, že tohle byl konec?
To by Ti tam Roli asi napsal nebo? Po ComboFixu je třeba ještě dočistit, pak ho odinstalovat atd...

Reju do toho naprosto schválně, protože to si tu můžeme plácat játra věčně a návody a postupy psát tužkou do větru, když nebudete (uživatelé) dělat, co máte.

[Milda86]

jo sorry, jsem vůl a nejspíš jsem na to pak zapomněl....mám dál teda pokračovat v tom co jsem začal s Rolim, nebo mi s tim pomůžeš ty?

[Mc_Murphy]

Napíšu mu, jestli bude ochoten pokračovat zde.

[Roli]

Tak jsem tady a fakt budu potřebovat ten log z ComboFix.

[Milda86]

ahoj, díky, e mi chceš ještě pomoct.... rád bych udělal log, ale nejde mi spustit combofix

[Roli]

Tohle fixni v HJT :

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ChristmasHolidayLaughs Search Scope Monitor] "C:\PROGRA~1\CHRIST~2\bar\1.bin\4msrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [ChristmasHolidayLaughs_4m Browser Plugin Loader] C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbrmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

HJT najdeš zde :

C:\Program Files\trend micro\Milda.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock::  
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Milda86]

ComboFix 08-08-30.01 - Milda 2012-01-10 15:08:09.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.1.1029.18.1073 [GMT 1:00]
Running from: C:\Users\Milda\Desktop\ggffggiu.exe
Command switches used :: C:\Users\Milda\Desktop\CFScript.lnk
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.

2012-01-09 18:18 . 2012-01-09 18:39 <DIR> d---sc--- C:\32788R22FWJFW
2012-01-08 15:45 . 2012-01-08 15:55 <DIR> d----c--- C:\rsit
2011-12-24 13:19 . 2011-12-24 13:19 <DIR> d----c--- C:\Program Files\ChristmasHolidayLaughs_4m
2011-12-24 13:18 . 2011-12-24 13:18 <DIR> d----c--- C:\Program Files\ChristmasHolidayLaughs_4mEI
2011-12-19 17:04 . 2011-12-19 17:04 <DIR> d----c--- C:\Users\All Users\HPSSUPPLY
2011-12-19 17:04 . 2011-12-19 17:04 <DIR> d----c--- C:\ProgramData\HPSSUPPLY
2011-12-19 16:58 . 2011-12-19 16:58 <DIR> d----c--- C:\Program Files\Hewlett-Packard
2011-12-19 16:57 . 2011-12-19 17:03 <DIR> d----c--- C:\Program Files\Common Files\HP
2011-12-19 16:11 . 2011-12-19 17:15 148,869 --a--c--- C:\Windows\hpoins19.dat
2011-12-19 16:10 . 2007-03-13 20:52 26,952 --a--c--- C:\Windows\hpomdl19.dat
2011-12-15 14:57 . 2011-10-27 09:01 3,602,816 --a------ C:\Windows\System32\ntkrnlpa.exe
2011-12-15 14:57 . 2011-10-27 09:01 3,550,080 --a------ C:\Windows\System32\ntoskrnl.exe
2011-12-15 09:03 . 2011-11-03 23:40 1,427,456 --a------ C:\Windows\System32\inetcpl.cpl
2011-12-14 20:41 . 2011-12-14 20:41 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
2011-12-14 20:38 . 2011-11-23 14:37 2,043,904 --a------ C:\Windows\System32\win32k.sys
2011-12-14 20:38 . 2011-10-14 17:02 429,056 --a------ C:\Windows\System32\EncDec.dll
2011-12-14 20:38 . 2011-10-25 16:56 49,152 --a------ C:\Windows\System32\csrsrv.dll
2011-12-14 20:36 . 2011-11-08 15:42 2,048 --a------ C:\Windows\System32\tzres.dll
2011-12-14 20:25 . 2010-04-27 03:25 123,648 --a------ C:\Windows\System32\drivers\ss_bmdm.sys
2011-12-14 20:25 . 2010-04-27 03:25 98,432 --a------ C:\Windows\System32\drivers\ss_bbus.sys
2011-12-14 20:25 . 2010-04-27 03:25 14,848 --a------ C:\Windows\System32\drivers\ss_bmdfl.sys
2011-12-14 20:25 . 2010-04-27 03:25 12,416 --a------ C:\Windows\System32\drivers\ss_bcmnt.sys
2011-12-14 20:25 . 2010-04-27 03:25 12,416 --a------ C:\Windows\System32\drivers\ss_bcm.sys
2011-12-14 20:25 . 2010-04-27 03:25 12,288 --a------ C:\Windows\System32\drivers\ss_bwhnt.sys
2011-12-14 20:25 . 2010-04-27 03:25 12,288 --a------ C:\Windows\System32\drivers\ss_bwh.sys
2011-12-14 20:05 . 2011-12-14 20:07 <DIR> d----c--- C:\Users\All Users\Samsung
2011-12-14 20:05 . 2011-12-14 20:07 <DIR> d----c--- C:\ProgramData\Samsung
2011-12-14 20:03 . 2011-12-14 20:05 <DIR> d----c--- C:\Program Files\Common Files\Samsung
2011-12-11 18:30 . 2011-12-14 20:25 <DIR> d-------- C:\Windows\System32\Samsung_USB_Drivers
2011-12-11 18:29 . 2011-12-14 20:05 <DIR> d----c--- C:\Users\Milda\AppData\Roaming\Samsung
2011-12-11 18:29 . 2010-08-24 06:14 217,088 --a------ C:\Windows\System32\FsUsbExService.Exe
2011-12-11 18:29 . 2009-03-31 09:39 110,592 --a------ C:\Windows\System32\FsUsbExDevice.Dll
2011-12-11 18:29 . 2010-08-24 06:14 36,640 --a------ C:\Windows\System32\FsUsbExDisk.Sys
2011-12-11 18:28 . 2011-12-11 18:28 <DIR> d----c--- C:\Program Files\MarkAny
2011-12-11 18:25 . 2011-12-14 20:30 <DIR> d----c--- C:\Program Files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 15:05 --------- dc----w C:\Program Files\trend micro
2012-01-08 12:26 40,776 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2012-01-08 08:33 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
2011-12-24 12:19 --------- dc----w C:\Program Files\ChristmasHolidayLaughs_4m
2011-12-19 16:04 --------- dc----w C:\Program Files\HP
2011-12-19 16:00 --------- dc----w C:\ProgramData\HP
2011-12-19 08:05 --------- dc----w C:\Program Files\Opera
2011-12-19 08:03 --------- dc----w C:\Users\Milda\AppData\Roaming\Printer Info Cache
2011-12-19 08:03 --------- dc----w C:\Users\Milda\AppData\Roaming\Image Zone Express
2011-12-15 08:14 --------- dc----w C:\Program Files\Windows Mail
2011-12-15 08:10 --------- dc----w C:\ProgramData\Microsoft Help
2011-12-14 19:48 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2011-12-14 19:06 --------- dc----w C:\Program Files\PC Connectivity Solution
2011-12-10 14:24 20,464 ----a-w C:\Windows\system32\drivers\mbam.sys
2011-11-30 12:35 --------- dc----w C:\Program Files\XTB-Trader
2011-11-25 17:14 --------- dc----w C:\Users\Milda\AppData\Roaming\LangSoft
2011-11-22 19:31 --------- dc----w C:\Users\Milda\AppData\Roaming\Skype
2011-11-10 14:55 --------- dc----w C:\Program Files\EA SPORTS
2011-11-03 22:47 1,798,144 ----a-w C:\Windows\System32\jscript9.dll
2011-11-03 22:39 1,127,424 ----a-w C:\Windows\System32\wininet.dll
2010-01-09 14:57 47,360 -c--a-w C:\Users\Milda\AppData\Roaming\pcouffin.sys
2008-08-12 20:41 22,328 -c--a-w C:\Users\Milda\AppData\Roaming\PnkBstrK.sys
2008-08-07 20:16 56 -c-ha-w C:\Users\All Users\ezsidmv.dat
2008-08-07 20:16 56 -c-ha-w C:\ProgramData\ezsidmv.dat
2008-08-07 07:29 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{70e20594-23f6-4311-b17a-8fa050be27fc}"= "C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mSrcAs.dll" [2011-12-24 13:19 62864]

[HKEY_CLASSES_ROOT\clsid\{70e20594-23f6-4311-b17a-8fa050be27fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4d280aa-92de-425e-b1ac-34367b5a8203}]
2011-12-24 13:19 62864 --a--c--- C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mSrcAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf98c0c1-d033-482e-a9d0-eaa04d3ad595}]
2011-12-24 13:19 689552 --a--c--- C:\PROGRA~1\CHRIST~2\bar\1.bin\4mbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31063c67-aa37-4949-a652-66368f707bb3}"= "C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mbar.dll" [2011-12-24 13:19 689552]

[HKEY_CLASSES_ROOT\clsid\{31063c67-aa37-4949-a652-66368f707bb3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31063C67-AA37-4949-A652-66368F707BB3}"= "C:\Program Files\ChristmasHolidayLaughs_4m\bar\1.bin\4mbar.dll" [2011-12-24 13:19 689552]

[HKEY_CLASSES_ROOT\clsid\{31063c67-aa37-4949-a652-66368f707bb3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 19:13 166424]
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 21:57 2837864]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 00:46 215552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"vidc.iv32"= C:\Windows\system32\ir32_32.dll
"vidc.iv31"= C:\Windows\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):06,a8,58,5a,df,69,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42E9140B-D2BB-419E-9C5E-AF8DA2D6C59A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{223BAEE6-D451-4549-B6DA-F09D39119DD0}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{037BEC0F-3FFB-4ADD-897B-1E2A518EF717}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{639E2293-310E-4400-8309-248CC2C90401}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA354A84-2C86-4273-8E27-E047EB8FC0A4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E7C0034-1131-4E7A-B4A1-498ADF9E8687}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FE0DA891-28E3-46F5-90C5-069DEF6F8899}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0A755819-C49D-4B45-B96B-C55624EC1BBC}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DC7C9ACF-EEF8-4587-AC00-C664C2A92051}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3C2A2EBB-86FA-42FC-A1D6-F11235B3AD03}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{904E1B51-9ABB-484E-80D2-1E2A235CDA84}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{209923C6-8961-4B29-A6F7-F002C154A0B2}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{ADDDF84B-356C-4BF3-B003-539DFB405B78}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BC2D5D09-85BF-474F-9CFC-1897C59703D6}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6B23F173-C8DD-4168-9005-1BC6232073D8}"= UDP:C:\Program Files\Opera\opera.exe:Opera Internet Browser
"{CAC90FB0-5607-4DF7-A7FA-9D8C452C4275}"= TCP:C:\Program Files\Opera\opera.exe:Opera Internet Browser
"{28B05FC7-2059-48E7-BFCE-A3CC76151CF3}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:Football Manager 2011
"{8859891A-A545-4D14-937F-DE613C721683}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:Football Manager 2011
"{B17DF590-7ED2-46FF-998C-33B419D03B16}"= UDP:C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{E25B621D-A10C-45F0-9ACA-52A64B708586}"= TCP:C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{5AE1F7A2-200F-4016-90E7-EEF1ED20EA02}"= UDP:C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{E5A58CB2-F2C2-4262-9C31-5627D81326C6}"= TCP:C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{0119E6E6-33C2-42B6-95C9-F3F7ED7DAADA}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{D2E51E46-AAD9-4F49-8BEE-E0B5D4475880}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys [2010-06-28 21:37]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2009-04-11 05:45]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 21:32]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 21:32]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\system32\dgdersvc.exe [2010-08-24 06:16]
R2 FontCache;Mezipaměť písem Windows;C:\Windows\system32\svchost.exe [2008-01-18 22:33]
R2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [2010-08-24 06:14]
R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 19:25]
R3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [2010-08-24 06:16]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [2010-08-24 06:14]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 13:16]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [2010-07-20 11:38]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2012-01-08 13:26]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsu.sys [2009-10-06 10:56]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 03:25]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 03:25]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 03:25]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [2010-07-20 11:38]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [2010-07-20 11:38]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [2010-07-20 11:38]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [2010-07-20 11:38]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 13:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - (no file)
ShellIconOverlayIdentifiers-{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} - %SystemRoot%\system32\EhStorShell.dll
HKLM-Run-NPSStartup - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 15:09:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2012-01-10 15:14:09
ComboFix-quarantined-files.txt 2012-01-10 14:13:55

Pre-Run: Volných bajtů: 16,188,469,248
Post-Run: Volných bajtů: 16,063,377,408

189 --- E O F --- 2012-01-10 13:42:27

[Roli]

Pro velký úspěch ještě jdnou, jen s jiným skriptem.

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::
C:\Program Files\ChristmasHolidayLaughs_4m
C:\Program Files\ChristmasHolidayLaughs_4mEI

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{70e20594-23f6-4311-b17a-8fa050be27fc}"=-
[-HKEY_CLASSES_ROOT\clsid\{70e20594-23f6-4311-b17a-8fa050be27fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4d280aa-92de-425e-b1ac-34367b5a8203}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf98c0c1-d033-482e-a9d0-eaa04d3ad595}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31063c67-aa37-4949-a652-66368f707bb3}"=-

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Milda86]

tak bohužel, druhý script mi tam spustit nejde. píše to: Warning! Do not run ComboFix in Compatibility Mode. Doing so may damage the machine.

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall případně ggffggiu /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Znovu stáhni a ulož na plochu ComboFix

a pak použij skript stejným způsobem znovu, klidně i v Nouzovém režimu.

[Milda86]

ComboFix 12-01-10.02 - Milda 11.01.2012 17:32:55.5.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.2037.910 [GMT 1:00]
Spuštěný z: c:\users\Milda\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Milda\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ChristmasHolidayLaughs_4m
c:\program files\ChristmasHolidayLaughs_4m\bar\1.bin\4mbar.dll
c:\program files\ChristmasHolidayLaughs_4m\bar\1.bin\4mSrcAs.dll
c:\program files\ChristmasHolidayLaughs_4m\bar\1.bin\T8RES.DLL
c:\program files\ChristmasHolidayLaughs_4mEI
c:\windows\system32\CF21297.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-11 do 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 16:46 . 2012-01-11 16:46 -------- dc----w- c:\users\Milda\AppData\Local\temp
2012-01-11 16:14 . 2011-12-24 12:19 161744 -c--a-w- c:\program files\4mres.dll
2012-01-11 16:14 . 2011-12-24 12:19 689552 -c--a-w- c:\program files\4mUninstall ChristmasHolidayLaughs.dll
2012-01-11 14:47 . 2012-01-11 14:47 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FF9B91F-B12D-480C-BFD1-5B62E33F42BD}\offreg.dll
2012-01-10 20:38 . 2012-01-10 20:38 -------- dc----w- C:\ggffggiu
2012-01-10 13:42 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FF9B91F-B12D-480C-BFD1-5B62E33F42BD}\mpengine.dll
2012-01-08 14:45 . 2012-01-08 14:55 -------- dc----w- C:\rsit
2011-12-19 16:04 . 2011-12-19 16:04 -------- dc----w- c:\programdata\HPSSUPPLY
2011-12-19 15:58 . 2011-12-19 15:58 -------- dc----w- c:\program files\Hewlett-Packard
2011-12-19 15:57 . 2011-12-19 16:03 -------- dc----w- c:\program files\Common Files\HP
2011-12-15 13:57 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 13:57 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 08:03 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 19:38 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 19:38 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 19:38 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 19:38 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 19:37 . 2010-07-20 10:38 10216 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-12-14 19:37 . 2010-07-20 10:38 10216 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-12-14 19:37 . 2010-07-20 10:38 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-12-14 19:37 . 2010-07-20 10:38 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-12-14 19:37 . 2010-07-20 10:38 96488 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-12-14 19:37 . 2010-07-20 10:38 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-12-14 19:37 . 2010-07-20 10:38 121576 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-12-14 19:37 . 2010-07-20 10:38 10344 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-12-14 19:37 . 2010-07-20 10:38 10344 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-12-14 19:37 . 2010-07-20 10:38 98152 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-12-14 19:37 . 2010-07-20 10:38 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-12-14 19:36 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 19:25 . 2010-04-27 02:25 98432 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2011-12-14 19:25 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2011-12-14 19:25 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2011-12-14 19:25 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2011-12-14 19:25 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2011-12-14 19:25 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2011-12-14 19:25 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2011-12-14 19:05 . 2011-12-14 19:07 -------- dc----w- c:\programdata\Samsung
2011-12-14 19:03 . 2011-12-14 19:05 -------- dc----w- c:\program files\Common Files\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 12:26 . 2010-10-28 15:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-10 14:24 . 2010-10-28 15:15 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-06 15:36 . 2011-11-06 15:36 161792 ----a-w- c:\windows\system32\msls31.dll
2011-11-06 15:36 . 2011-11-06 15:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-06 15:36 . 2011-11-06 15:36 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-06 15:36 . 2011-11-06 15:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-06 15:36 . 2011-11-06 15:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-06 15:36 . 2011-11-06 15:36 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-11-06 15:36 . 2011-11-06 15:36 367104 ----a-w- c:\windows\system32\html.iec
2011-11-06 15:36 . 2011-11-06 15:36 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-11-06 15:36 . 2011-11-06 15:36 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-06 15:36 . 2011-11-06 15:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-11-06 15:36 . 2011-11-06 15:36 152064 ----a-w- c:\windows\system32\wextract.exe
2011-11-06 15:36 . 2011-11-06 15:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-11-06 15:36 . 2011-11-06 15:36 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-06 15:36 . 2011-11-06 15:36 11776 ----a-w- c:\windows\system32\mshta.exe
2011-11-06 15:36 . 2011-11-06 15:36 101888 ----a-w- c:\windows\system32\admparse.dll
2011-11-06 15:36 . 2011-11-06 15:36 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-11-06 15:36 . 2011-11-06 15:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.252 10.0.0.254
FF - ProfilePath - c:\users\Milda\AppData\Roaming\Mozilla\Firefox\Profiles\cpuvkxiv.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=0A2520DC-CDC3-4027-B4A0-D129F5E28192&n=77df4bb1&ind=2011122609&id=9Uxdm007YYcz&ptnrS=9Uxdm007YYcz&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 17:46
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000020
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-1187109235-2803622219-269265546-1000\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-01-11 17:54:38
ComboFix-quarantined-files.txt 2012-01-11 16:54
ComboFix2.txt 2012-01-10 14:14
.
Před spuštěním: Volných bajtů: 16 891 838 464
Po spuštění: Volných bajtů: 16 870 428 672
.
- - End Of File - - E96C0DDD9CB1628ECC794D8CFAD193F4

[Roli]

Kde se ti tam ten nepořádek bere ?


Tak ještě jednou si otevři Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::
c:\program files\4mUninstall ChristmasHolidayLaughs.dll

Folder::
c:\program files\4mUninstall ChristmasHolidayLaughs.dll
C:\ggffggiu

FireFox::
FF - ProfilePath - c:\users\Milda\AppData\Roaming\Mozilla\Firefox\Profiles\cpuvkxiv.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsear ... searchfor=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci