prosím o kontrolu logu.Náhlé zamrzání prohlížeče FF15.

[hujcza]

Dobrý večer ,prosím o kontrolu logu .už tři dny mi vzdy po 10-15 min zamrzna FF ( i po přeinstalovaní).a Microsoft Sec. Essentials nalezl tyto 4 potvory: 1.Trojandropper:win32/Vundo.H
2.- 3.virtool:win32/ceeInject.cx
4.trojanclicker:win32/yabector.gen

Vše jsem dal odstranit ale FF zase po 10min zamrzla .
log je zde: Děkuji. Radek

Logfile of random's system information tool 1.09 (written by random/random)
Run by hujCZAdmin at 2012-09-26 22:00:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (16%) free of 114 GB
Total RAM: 2048 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:01:01, on 26.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\system32\svchost.exe
C:\windows\System32\ups.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\windows\system32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\hujCZAdmin\Plocha\PC TESTING (kvůli vypínani PC\RSIT\RSIT.exe
C:\Program Files\trend micro\hujCZAdmin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [VIARaidUtl] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {98B23776-D845-49B4-876F-32486810E89C} (Video Web Phone Installer) - http://160.218.160.89/Install/VWPSetup.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/hujCZAdmin/Dokumenty/Stažen%E9%20soubory/goldfish1_1024%20(Custom).jpg

--
End of file - 9063 bytes

======Scheduled tasks folder======

C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\Microsoft Antimalware Scheduled Scan.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\hujCZAdmin\Data aplikací\Mozilla\Firefox\Profiles\6nlioq0v.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/?utm_source=ch-to ... paign=home"
prefs.js - "extensions.enabledItems" - "{53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.1, {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8, {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2, {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5, {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, toolbar@ask.com:3.11.3.15590, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, pdfforge@mybrowserbar.com:4.3, wtxpcom@mybrowserbar.com:4.3, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.centrum.cz/?charset=UTF-8 ... toolbar-ff, search-web&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
msservice.js
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npLegitCheckPlugin.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\hujCZAdmin\Data aplikací\Mozilla\Firefox\Profiles\6nlioq0v.default\searchplugins\
icq-search.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
sfd.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
Ad-Aware Security Toolbar - C:\Program Files\adawaretb\adawareDx.dll [2012-04-11 87440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-09 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-09 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6c97a91e-4524-4019-86af-2aa2d567bf5c} - Ad-Aware Security Toolbar - C:\Program Files\adawaretb\adawareDx.dll [2012-04-11 87440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"VIARaidUtl"=C:\Program Files\VIA\RAID\raid_tool.exe [2009-02-19 4918936]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Synchronization Manager"=C:\windows\system32\mobsync.exe [2008-04-14 143872]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NPSStartup"= []
"NVCLOCK"=rundll32 nvclock.dll,fnNvclock []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]
"Ad-Aware Browsing Protection"=C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe [2011-10-21 198032]
"Ad-Aware Antivirus"=C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2006-11-13 1289000]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-07-21 966712]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileUploader]
C:\Documents and Settings\hujCZAdmin\Plocha\SRDownloader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-03-22 74752]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
REALTEK 11n USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

C:\Documents and Settings\hujCZAdmin\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Program Files\adawaretb\dtUser.exe"="C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL
"vidc.tscc"=tsccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2012-09-26 22:00:04 ----D---- C:\Program Files\trend micro
2012-09-26 22:00:03 ----D---- C:\rsit
2012-09-26 20:11:25 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\Malwarebytes
2012-09-26 20:10:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-09-26 20:09:55 ----A---- C:\windows\system32\drivers\mbam.sys
2012-09-26 20:09:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-09-25 16:14:59 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\Disruptive Innovations SARL
2012-09-24 22:42:56 ----HDC---- C:\windows\$NtUninstallKB2744842$
2012-09-14 14:23:55 ----HDC---- C:\windows\$NtUninstallKB2736233$
2012-09-09 17:58:02 ----D---- C:\Program Files\Common Files\Java
2012-09-09 17:57:31 ----A---- C:\windows\system32\javaws.exe
2012-09-09 17:57:19 ----A---- C:\windows\system32\WindowsAccessBridge.dll
2012-09-09 17:57:19 ----A---- C:\windows\system32\javaw.exe
2012-09-09 17:57:19 ----A---- C:\windows\system32\java.exe
2012-09-08 15:04:15 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\Sublime Text 2
2012-09-08 15:04:02 ----D---- C:\Program Files\Sublime Text 2
2012-09-07 10:37:33 ----D---- C:\joomla
2012-09-07 05:21:26 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\FileZilla
2012-09-07 01:58:32 ----D---- C:\wamp
2012-09-06 23:02:24 ----D---- C:\ENDORA hosting
2012-09-06 19:19:17 ----D---- C:\Program Files\FileZilla FTP Client
2012-09-06 17:29:07 ----D---- C:\HUJCZA_HOWTO_CZ
2012-09-05 17:55:11 ----D---- C:\Program Files\7-Zip
2012-09-04 19:02:16 ----D---- C:\hujcza99-own-cz_WEB
2012-08-27 18:19:22 ----D---- C:\wordpress
2012-08-27 18:17:47 ----D---- C:\hujcza_ic_web

======List of files/folders modified in the last 1 month======

2012-09-26 22:00:20 ----D---- C:\windows\Prefetch
2012-09-26 22:00:04 ----RD---- C:\Program Files
2012-09-26 21:59:19 ----D---- C:\windows\Temp
2012-09-26 21:34:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-26 21:33:57 ----D---- C:\Program Files\Mozilla Firefox
2012-09-26 21:18:52 ----SD---- C:\windows\Tasks
2012-09-26 21:15:54 ----D---- C:\WINDOWS
2012-09-26 21:15:54 ----A---- C:\windows\RTacDbg.txt
2012-09-26 21:09:40 ----D---- C:\windows\system32\CatRoot2
2012-09-26 21:08:21 ----D---- C:\windows\system32\drivers
2012-09-26 21:08:21 ----D---- C:\windows\system32
2012-09-26 21:04:57 ----A---- C:\windows\SchedLgU.Txt
2012-09-26 21:02:44 ----HDC---- C:\windows\$NtUninstallKB2183461$
2012-09-26 19:51:36 ----SHD---- C:\System Volume Information
2012-09-26 19:51:36 ----D---- C:\windows\system32\Restore
2012-09-26 10:56:14 ----D---- C:\windows\Debug
2012-09-26 10:40:52 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\Winamp
2012-09-26 10:39:02 ----D---- C:\windows\Logs
2012-09-26 10:39:01 ----D---- C:\windows\Minidump
2012-09-26 10:32:30 ----D---- C:\Program Files\CCleaner
2012-09-24 22:51:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ad-Aware Browsing Protection
2012-09-24 22:43:19 ----HD---- C:\windows\inf
2012-09-24 22:43:08 ----RSHDC---- C:\windows\system32\dllcache
2012-09-24 22:41:59 ----D---- C:\windows\system32\CatRoot
2012-09-22 18:35:53 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\Adobe
2012-09-22 13:23:14 ----HD---- C:\windows\$hf_mig$
2012-09-21 03:49:24 ----A---- C:\windows\system32\FlashPlayerApp.exe
2012-09-18 01:18:05 ----SHD---- C:\windows\Installer
2012-09-14 14:05:10 ----A---- C:\windows\system32\MRT.exe
2012-09-09 20:01:47 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\PSpad
2012-09-09 18:52:03 ----D---- C:\Program Files\css-menu
2012-09-09 17:58:05 ----SHD---- C:\Config.Msi
2012-09-09 17:58:02 ----D---- C:\Program Files\Common Files
2012-09-09 17:56:37 ----A---- C:\windows\system32\npDeployJava1.dll
2012-09-09 17:56:37 ----A---- C:\windows\system32\deployJava1.dll
2012-09-09 17:56:29 ----D---- C:\Program Files\Java
2012-09-06 19:36:32 ----D---- C:\windows\Help
2012-09-05 17:06:33 ----D---- C:\TEMP
2012-09-05 03:38:19 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\Ad-Aware Antivirus
2012-09-01 20:22:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-08-30 22:33:31 ----A---- C:\windows\system32\wininet.dll
2012-08-30 22:33:31 ----A---- C:\windows\system32\urlmon.dll
2012-08-30 22:33:31 ----A---- C:\windows\system32\url.dll
2012-08-30 22:33:30 ----A---- C:\windows\system32\shdocvw.dll
2012-08-30 22:33:30 ----A---- C:\windows\system32\mstime.dll
2012-08-30 22:33:30 ----A---- C:\windows\system32\mshtmled.dll
2012-08-30 22:33:30 ----A---- C:\windows\system32\mshtml.dll
2012-08-30 22:33:29 ----A---- C:\windows\system32\iepeers.dll
2012-08-30 22:33:29 ----A---- C:\windows\system32\ieencode.dll
2012-08-30 22:33:29 ----A---- C:\windows\system32\browseui.dll
2012-08-27 20:19:52 ----D---- C:\Documents and Settings\hujCZAdmin\Data aplikací\GHISLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 viaagp1;VIA AGP Filter; C:\windows\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viamraid;viamraid; C:\windows\system32\DRIVERS\viamraid.sys [2008-07-09 117248]
R0 videX32;videX32; C:\windows\system32\DRIVERS\videX32.sys [2009-05-05 13976]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AmdK7;Ovladač procesoru AMD K7; C:\windows\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 DumaNT;NVIDIA Stereo Helper Service; C:\windows\system32\DRIVERS\dumant.sys [2002-11-18 399700]
R1 MpKsl2ac9ac36;MpKsl2ac9ac36; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8206FC36-2CEC-4DE4-8281-5B42C220167F}\MpKsl2ac9ac36.sys []
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
R1 sbaphd;sbaphd; C:\windows\system32\drivers\sbaphd.sys [2011-11-29 21240]
R1 SbFw;SbFw; C:\windows\system32\drivers\SbFw.sys [2011-12-19 335224]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 sbtis;sbtis; C:\windows\system32\drivers\sbtis.sys [2011-12-19 217976]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\windows\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 tidnet;TID NDIS Protocol Driver; C:\windows\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\windows\system32\DRIVERS\AegisP.sys [2012-04-24 21361]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\windows\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\windows\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\windows\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 sbapifs;sbapifs; C:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\windows\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\windows\system32\DRIVERS\fetnd5b.sys [2003-09-04 41984]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys []
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NWRDR;NetWare Rdr; C:\windows\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2006-03-29 9856]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\windows\system32\DRIVERS\RTL8192su.sys [2010-03-10 602912]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport; C:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\windows\system32\DRIVERS\seehcri.sys [2010-09-20 27632]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VGAUTI;VGAUTI; \??\C:\WINDOWS\system32\DRIVERS\VGAUTI.sys []
S0 uagp35;Filtr Microsoft AGPv3.5; C:\windows\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
S0 viasraid;viasraid; C:\windows\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 CCDECODE;Dekodér Closed Caption; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\windows\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 dot4;Ovladač MS IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\windows\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2010-09-20 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2010-09-20 25512]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 grmnusb;Garmin USB Driver; C:\windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\windows\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\windows\system32\DRIVERS\ewdcsc.sys [2008-09-26 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 motccgp;Motorola USB Composite Device Driver; C:\windows\system32\DRIVERS\motccgp.sys []
S3 motccgpfl;MotCcgpFlService; C:\windows\system32\DRIVERS\motccgpfl.sys []
S3 MotDev;Motorola Inc. USB Device; C:\windows\system32\DRIVERS\motodrv.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\windows\system32\DRIVERS\motmodem.sys []
S3 motport;Motorola USB Diagnostic Port; C:\windows\system32\DRIVERS\motport.sys []
S3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\windows\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys []
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service; C:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
S3 sbhips;sbhips; C:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-09-09 161768]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2008-05-16 159812]
R2 NWCWorkstation;Klient systému NetWare; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 VRAID Log Service;VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [2008-09-24 52888]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-08 136176]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-03-13 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-08 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\windows\system32\tcpsvcs.exe [2001-10-25 19456]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [2012-05-13 18432]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [2012-04-19 8177664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[hujcza]

a zde je jeste log z MBAM jestli to pomůže.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.26.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
hujCZAdmin :: DESKTOP1 [administrátor]

Ochrana: Povolena

26.9.2012 20:37:52
mbam-log-2012-09-26 (21-00-43).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 252028
Uplynulý čas: 17 minut, 49 sekund

Nalezené procesy v paměti: 1
C:\WINDOWS\system32\WinSys.exe (Trojan.Agent) -> 3944 -> Žádná instrukce nebyla provedena.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinSys (Trojan.Agent) -> Data: C:\WINDOWS\system32\WinSys.exe -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Špatný: (0) Dobrý: (1) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Špatný: (1) Dobrý: (0) -> Žádná instrukce nebyla provedena.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\WINDOWS\system32\WinSys.exe (Trojan.Agent) -> Žádná instrukce nebyla provedena.

(konec)

[vyosek]

Zdravim a pekny vecer preji
Vas log se studuje a pracuje se na nem .
Prosim o strpeni!

[vyosek]

Odinstalujte Lavasoft Ad-Aware Antivirus jelikoz koliduje s MSE

Nalezy MBAMu smazte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

[hujcza]

Moc děkuji. Vše jsem provedl. Zde je log Rkilleru : (btw MbAM uz nic znovu nenasel )

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : hujCZAdmin [Práva správce]
Mód : Kontrola -- Datum : 09/26/2012 23:21:05

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200JB-00GVC0 +++++
--- User ---
[MBR] 1b0f12ca4bb516418ea0f41ffc2f1aec
[BSP] 1dad5075badfb52f5889ab02e8675a3e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB 2.0 Flash Disk USB Device +++++
--- User ---
[MBR] 1782f82cd7cb65426baf8f206d64ad18
[BSP] 9bdb69fb7b184e5fc0a3f1b49607bd53 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 247 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

[vyosek]

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[hujcza]

Dobrý den.Omlouvám se za prodlevu .Zde je ten log z ComboFix: (btw: při tom bodu zotavení mi to vyhodilo hlášku "spoštěcí oddíl se nepodařilo načíst! ". jinak vše jako na odkazu: .../jak-použít-combofix )

ComboFix 12-09-27.03 - hujCZAdmin 27.09.2012 18:45:04.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2048.1436 [GMT 2:00]
Spuštěný z: c:\documents and settings\hujCZAdmin\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\hujCZAdmin\WINDOWS
c:\windows\system\PHONETIC.FON
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET190.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\vi.sif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-27 do 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-26 21:34 . 2012-09-26 21:34 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7A421D2-A892-433B-BB27-3DDE1F20EA34}\offreg.dll
2012-09-26 21:20 . 2012-09-26 21:20 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7A421D2-A892-433B-BB27-3DDE1F20EA34}\MpKsl71e713c6.sys
2012-09-26 21:12 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7A421D2-A892-433B-BB27-3DDE1F20EA34}\mpengine.dll
2012-09-26 20:57 . 2012-09-26 20:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GFI Software
2012-09-26 20:00 . 2012-09-26 20:01 -------- d-----w- c:\program files\trend micro
2012-09-26 20:00 . 2012-09-26 20:01 -------- d-----w- C:\rsit
2012-09-26 19:34 . 2012-09-06 01:26 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-09-26 19:34 . 2012-09-06 04:26 884896 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-09-26 18:11 . 2012-09-26 18:11 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\Malwarebytes
2012-09-26 18:10 . 2012-09-26 18:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-26 18:09 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 18:09 . 2012-09-26 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-25 20:59 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-25 14:14 . 2012-09-25 14:14 -------- d-----w- c:\documents and settings\hujCZAdmin\Local Settings\Data aplikací\Disruptive Innovations SARL
2012-09-25 14:14 . 2012-09-25 14:14 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\Disruptive Innovations SARL
2012-09-09 15:58 . 2012-09-09 15:58 -------- d-----w- c:\program files\Common Files\Java
2012-09-09 15:57 . 2012-09-09 15:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-08 13:04 . 2012-09-08 13:04 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\Sublime Text 2
2012-09-08 13:04 . 2012-09-08 13:05 -------- d-----w- c:\program files\Sublime Text 2
2012-09-07 08:37 . 2012-09-07 08:37 -------- d-----w- C:\joomla
2012-09-07 03:21 . 2012-09-26 08:40 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\FileZilla
2012-09-06 23:58 . 2012-09-09 18:06 -------- d-----w- C:\wamp
2012-09-06 21:02 . 2012-09-06 21:03 -------- d-----w- C:\ENDORA hosting
2012-09-06 17:19 . 2012-09-06 17:19 -------- d-----w- c:\program files\FileZilla FTP Client
2012-09-06 15:29 . 2012-09-06 18:56 -------- d-----w- C:\HUJCZA_HOWTO_CZ
2012-09-05 15:55 . 2012-09-05 15:55 -------- d-----w- c:\program files\7-Zip
2012-09-04 17:02 . 2012-09-06 18:46 -------- d-----w- C:\hujcza99-own-cz_WEB
2012-08-29 19:08 . 2012-09-06 01:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 01:49 . 2012-06-06 10:24 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 01:49 . 2011-07-19 01:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 15:56 . 2011-04-14 11:45 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-09 15:56 . 2012-05-19 15:17 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-09 15:56 . 2010-10-18 04:11 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 20:33 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:33 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 20:33 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:30 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-03-07 01:30 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-17 13:44 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-09-06 01:26 . 2012-09-26 19:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 1946837F8AB4A7B2A0C326A10C30E322 . 1432576 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 1946837F8AB4A7B2A0C326A10C30E322 . 1432576 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 267ECE3D3F4017D27DF08B41688277B6 . 231424 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 267ECE3D3F4017D27DF08B41688277B6 . 231424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2008-04-14 . 8D02B079A2C8C080ECFCBFF07E2B6703 . 175616 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-07-21 966712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2009-02-19 4918936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVCLOCK"="nvclock.dll" [2003-04-14 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\hujCZAdmin\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2012-5-14 937984]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 12:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\windows\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.3.2010 3:48 77312]
R1 MpKsl71e713c6;MpKsl71e713c6;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C7A421D2-A892-433B-BB27-3DDE1F20EA34}\MpKsl71e713c6.sys [26.9.2012 23:20 29904]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [14.5.2012 17:32 602912]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20.9.2010 7:34 27632]
R3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [6.5.2010 20:17 39208]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.5.2010 22:15 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.9.2012 20:09 676936]
S2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [6.5.2010 0:48 52888]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6.6.2012 12:24 250288]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [13.11.2010 5:14 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.9.2010 7:34 13224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.5.2010 22:15 136176]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [23.4.2011 13:57 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [14.9.2010 6:27 100736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.9.2012 20:09 22856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [19.6.2012 13:40 114144]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [4.1.2011 9:15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [4.1.2011 9:15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [4.1.2011 9:15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [4.1.2011 9:15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [4.1.2011 9:15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [4.1.2011 9:15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [4.1.2011 9:15 115752]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [8.9.2010 18:46 99176]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSL71E713C6
*NewlyCreated* - TRUESIGHT
*Deregistered* - MBAMSwissArmy
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 01:49]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 20:15]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 20:15]
.
2012-09-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
DPF: {98B23776-D845-49B4-876F-32486810E89C} - hxxp://160.218.160.89/Install/VWPSetup.cab
FF - ProfilePath - c:\documents and settings\hujCZAdmin\Data aplikací\Mozilla\Firefox\Profiles\6nlioq0v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Centrum.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-toolbar&u ... paign=home
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/?charset=UTF-8&channel_id=ch-toolbar-ff,search-web&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NPSStartup - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-FileUploader - c:\documents and settings\hujCZAdmin\Plocha\SRDownloader.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?cha\VIA_Hy
NVCLOCK = rundll32 nvclock.dll,fnNvclock????????????????????????7~l???f? ?f???E???x? ??? ?? ?f???f???d??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\cscui.dll
.
Celkový čas: 2012-09-27 18:56:04
ComboFix-quarantined-files.txt 2012-09-27 16:56
.
Před spuštěním: Volných bajtů: 18 934 284 288
Po spuštění: Volných bajtů: 20 768 911 360
.
- - End Of File - - 800ABFEC7AAEF8261DFC3ED1BED4DEA7

[vyosek]

Aplikujte tohle http://www.securitystronghold.com/gates ... alTool.exe

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  FCopy::
  c:\windows\$NtServicePackUninstall$\explorer.exe | c:\windows\explorer.exe
  c:\windows\$NtServicePackUninstall$\explorer.exe | c:\windows\ServicePackFiles\i386\explorer.exe
  c:\windows\$NtServicePackUninstall$\regedit.exe | c:\windows\regedit.exe
  c:\windows\$NtServicePackUninstall$\regedit.exe | c:\windows\ServicePackFiles\i386\regedit.exe
  c:\windows\$NtServicePackUninstall$\iexplore.exe | c:\windows\ServicePackFiles\i386\iexplore.exe
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NokiaOviSuite2"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NokiaMServer"=-
  "QuickTime Task"=-
  "DivXUpdate"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileUploader]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
  
  Driver::
  gupdate
  gupdatem
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\hujCZAdmin\Data aplikací\Mozilla\Firefox\Profiles\6nlioq0v.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
  FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?utm_source=ch-to ... paign=home
  FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/?charset=UTF-8 ... rch-web&q=
  FF - prefs.js: network.proxy.type - 4
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[hujcza]

dobrý den.tajže adaware removing tool jsem spustil.Ale po tom automatickém scanu a po výpisu souborů a povolbě (next) -> mi to nabídlo pouze možnost nějaké koupě produktu nebo (cancel) ,takže jsem dal cancel a netuším zda to teda něco remove-lo.
a zde je následny log z Combofixu :

ComboFix 12-09-27.03 - hujCZAdmin 28.09.2012 11:00:51.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2048.1532 [GMT 2:00]
Spuštěný z: c:\documents and settings\hujCZAdmin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\hujCZAdmin\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\explorer.exe --> c:\windows\explorer.exe
c:\windows\$NtServicePackUninstall$\explorer.exe --> c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\$NtServicePackUninstall$\regedit.exe --> c:\windows\regedit.exe
c:\windows\$NtServicePackUninstall$\regedit.exe --> c:\windows\ServicePackFiles\i386\regedit.exe
c:\windows\$NtServicePackUninstall$\iexplore.exe --> c:\windows\ServicePackFiles\i386\iexplore.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-28 do 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-27 22:50 . 2011-02-17 16:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-09-27 22:50 . 2011-02-17 16:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-09-27 22:50 . 2012-09-28 08:29 -------- d-----w- c:\program files\Adaware Removal Tool
2012-09-27 21:11 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4AA4DD71-A4CC-4CCF-9042-9AA13EBDA854}\mpengine.dll
2012-09-27 17:52 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 20:57 . 2012-09-26 20:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\GFI Software
2012-09-26 20:00 . 2012-09-26 20:01 -------- d-----w- c:\program files\trend micro
2012-09-26 20:00 . 2012-09-26 20:01 -------- d-----w- C:\rsit
2012-09-26 19:34 . 2012-09-06 01:26 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-09-26 19:34 . 2012-09-06 04:26 884896 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-09-26 18:11 . 2012-09-26 18:11 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\Malwarebytes
2012-09-26 18:10 . 2012-09-26 18:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-26 18:09 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 18:09 . 2012-09-26 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-25 14:14 . 2012-09-25 14:14 -------- d-----w- c:\documents and settings\hujCZAdmin\Local Settings\Data aplikací\Disruptive Innovations SARL
2012-09-25 14:14 . 2012-09-25 14:14 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\Disruptive Innovations SARL
2012-09-09 15:58 . 2012-09-09 15:58 -------- d-----w- c:\program files\Common Files\Java
2012-09-09 15:57 . 2012-09-09 15:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-08 13:04 . 2012-09-08 13:04 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\Sublime Text 2
2012-09-08 13:04 . 2012-09-08 13:05 -------- d-----w- c:\program files\Sublime Text 2
2012-09-07 08:37 . 2012-09-07 08:37 -------- d-----w- C:\joomla
2012-09-07 03:21 . 2012-09-26 08:40 -------- d-----w- c:\documents and settings\hujCZAdmin\Data aplikací\FileZilla
2012-09-06 23:58 . 2012-09-09 18:06 -------- d-----w- C:\wamp
2012-09-06 21:02 . 2012-09-06 21:03 -------- d-----w- C:\ENDORA hosting
2012-09-06 17:19 . 2012-09-06 17:19 -------- d-----w- c:\program files\FileZilla FTP Client
2012-09-06 15:29 . 2012-09-06 18:56 -------- d-----w- C:\HUJCZA_HOWTO_CZ
2012-09-05 15:55 . 2012-09-05 15:55 -------- d-----w- c:\program files\7-Zip
2012-09-04 17:02 . 2012-09-06 18:46 -------- d-----w- C:\hujcza99-own-cz_WEB
2012-08-29 19:08 . 2012-09-06 01:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 01:49 . 2012-06-06 10:24 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 01:49 . 2011-07-19 01:26 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 15:56 . 2011-04-14 11:45 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-09 15:56 . 2012-05-19 15:17 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-09 15:56 . 2010-10-18 04:11 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 20:33 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:33 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 20:33 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:30 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-03-07 01:30 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-17 13:44 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-09-06 01:26 . 2012-09-26 19:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MICROS~4\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"VIARaidUtl"="c:\program files\VIA\RAID\raid_tool.exe" [2009-02-19 4918936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVCLOCK"="nvclock.dll" [2003-04-14 81920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\hujCZAdmin\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2012-5-14 937984]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 12:01 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\windows\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [7.3.2010 3:48 77312]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.9.2012 20:09 676936]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [6.5.2010 0:48 52888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.9.2012 20:09 22856]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [14.5.2012 17:32 602912]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20.9.2010 7:34 27632]
R3 VGAUTI;VGAUTI;c:\windows\system32\drivers\vgauti.sys [6.5.2010 20:17 39208]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6.6.2012 12:24 250288]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [13.11.2010 5:14 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.9.2010 7:34 13224]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [23.4.2011 13:57 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [14.9.2010 6:27 100736]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [19.6.2012 13:40 114144]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [4.1.2011 9:15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [4.1.2011 9:15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [4.1.2011 9:15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [4.1.2011 9:15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [4.1.2011 9:15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [4.1.2011 9:15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [4.1.2011 9:15 115752]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [8.9.2010 18:46 99176]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 01:49]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 20:15]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 20:15]
.
2012-09-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
DPF: {98B23776-D845-49B4-876F-32486810E89C} - hxxp://160.218.160.89/Install/VWPSetup.cab
FF - ProfilePath - c:\documents and settings\hujCZAdmin\Data aplikací\Mozilla\Firefox\Profiles\6nlioq0v.default\
FF - prefs.js: browser.search.selectedEngine - Centrum.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-28 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VIARaidUtl = c:\program files\VIA\RAID\raid_tool.exe?cha\VIA_Hy
NVCLOCK = rundll32 nvclock.dll,fnNvclock????????????????????????7~l???f? ?f???E???x? ??? ?? ?f???f???d??????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(1280)
c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2012-09-28 11:16:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-28 09:16
ComboFix2.txt 2012-09-27 16:56
.
Před spuštěním: Volných bajtů: 20 504 649 728
Po spuštění: Volných bajtů: 20 494 688 256
.
- - End Of File - - 6F62293FB683717412A23C5FBE5AC774

[vyosek]

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"=-
  [-HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Ad-Aware Browsing Protection"=-
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"=-
  
  :files
  c:\program files\adawaretb
  c:\documents and settings\All Users\Data aplikací\Ad-Aware Browsing Protection
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\program files\Adaware Removal Tool
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte