Z vikend 4000 nedorucitelnych mailu

[sartaj]

Zdravim,

jiz nekolikrat jste mi tady pomohli a ja jsem sluzby patricne ocenil a verim, ze i nyni mne zachranite.


Neustale mi chodi zpravy zpravidla oznacene jako "Mail Delivery system" a sdeluji mi, ze zpravy nelze dorucit, jenze ja vedome nic neodesilam. Za vidend jich prislo pres 4 tisice a spravce domeny mi jiz domenu zablokovat, ze rozesilam spamy. Muzete mi s tim prosim pomoci.

Predem mnohokrat dekuji

[Roli]

Zdravím, jelikož z křišťálové koule věštit neumím tak mi sem prosím dej aktuální log z Rsit.

[sartaj]

No jasne jsem tele, tady to je.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Standa at 2013-10-21 11:37:25
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 403 GB (85%) free of 477 GB
Total RAM: 3292 MB (70% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 843019b9-847c-4d4e-9095-a43973afff18.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a851042c-bbdd-46de-97da-d5c6594b053a.job
C:\WINDOWS\tasks\tmtxnbi.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-02-25 18791456]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-04-23 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-04-23 174104]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-04-23 144920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 5074384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20684656]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"djolert"=rundll32 C:\Documents and Settings\Standa\Local Settings\Data aplikací\djolert.dll,djolert []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-10-17 5706480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ADnews.lnk]
C:\AUTO-D~2\ADnews.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Standa^Nabídka Start^Programy^Po spuštění^RT-Updater.lnk]
C:\AUTO-D~2\vagcom.exe [2013-01-21 1164288]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
ADnews.lnk - C:\Auto-diagnostika\Auto-diagnostika.exe

C:\Documents and Settings\Standa\Nabídka Start\Programy\Po spuštění
DOSPRN.lnk - C:\Program Files\DOSPRN\DOSprn.exe
RT-Updater.lnk - C:\Auto-diagnostika\vagcom.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\djolert]
C:\Documents and Settings\Standa\Local Settings\Data aplikací\djolert.dll [2013-09-04 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-04-21 213504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-08 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableVirtualization"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\APP\PPS\mozilla.exe"="C:\APP\PPS\mozilla.exe:*:Enabled:Mozilla"
"C:\APPLIC\Portail\mozilla.exe"="C:\APPLIC\Portail\mozilla.exe:*:Enabled:Mozilla"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection

Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys

Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\pemicro\prog08sz\prog08sz.exe"="C:\pemicro\prog08sz\prog08sz.exe:*:Enabled:prog08sz"
"C:\Program Files\Air Live IP Wizard II\IPWizardII.exe"="C:\Program Files\Air Live IP Wizard II\IPWizardII.exe:*:Enabled:IP Wizard II"
"C:\Program Files\VideoViewer\VideoViewer.exe"="C:\Program Files\VideoViewer\VideoViewer.exe:*:Enabled:VideoViewer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2013-10-21 11:37:25 ----D---- C:\rsit
2013-10-21 09:01:50 ----D---- C:\FRST
2013-10-21 08:43:55 ----D---- C:\AdwCleaner
2013-10-21 07:46:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\iolo
2013-10-16 12:32:55 ----D---- C:\Program Files\Professional Lambda Remover
2013-10-16 12:32:26 ----D---- C:\Program Files\Professional DPF Remover
2013-10-16 12:32:03 ----D---- C:\Program Files\Professional EGR Remover
2013-10-09 09:24:38 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-09 07:23:48 ----D---- C:\Dell
2013-10-08 07:46:45 ----D---- C:\Documents and Settings\Standa\Data aplikací\SUPERAntiSpyware.com
2013-10-08 07:45:59 ----D---- C:\Program Files\SUPERAntiSpyware
2013-10-08 07:45:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2013-10-07 16:08:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\ngXrVU33
2013-10-07 10:37:39 ----A---- C:\WINDOWS\system32\wpcap.dll
2013-10-07 10:37:39 ----A---- C:\WINDOWS\system32\Packet.dll
2013-10-07 10:36:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla

======List of files/folders modified in the last 1 months======

2013-10-21 11:37:26 ----D---- C:\Program Files\trend micro
2013-10-21 11:37:11 ----D---- C:\A lek
2013-10-21 11:31:01 ----D---- C:\Carprog
2013-10-21 11:17:43 ----D---- C:\WINDOWS\temp
2013-10-21 11:13:20 ----D---- C:\Documents and Settings\Standa\Data aplikací\Skype
2013-10-21 09:02:56 ----D---- C:\WINDOWS
2013-10-21 08:49:23 ----A---- C:\WINDOWS\win.ini
2013-10-21 08:48:28 ----D---- C:\Temp
2013-10-21 08:48:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\organiser
2013-10-21 08:48:27 ----A---- C:\WINDOWS\BRMFBIDI.INI
2013-10-21 08:48:10 ----RD---- C:\Program Files
2013-10-21 08:47:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-21 08:41:22 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-21 08:25:27 ----A---- C:\WINDOWS\uPD78dash.ini
2013-10-21 07:53:04 ----D---- C:\WINDOWS\system32
2013-10-21 07:51:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-21 07:49:45 ----D---- C:\WINDOWS\Prefetch
2013-10-21 07:46:43 ----D---- C:\WINDOWS\system32\drivers
2013-10-18 14:13:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-10-18 13:10:31 ----D---- C:\Documents and Settings\Standa\Data aplikací\DAEMON Tools Lite
2013-10-18 11:24:34 ----D---- C:\Program Files\VideoViewer
2013-10-18 11:24:34 ----A---- C:\WINDOWS\PP2CAN.INI
2013-10-11 19:15:14 ----D---- C:\Documents and Settings\Standa\Data aplikací\vlc
2013-10-10 13:16:02 ----SHD---- C:\WINDOWS\Installer
2013-10-09 10:24:28 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 07:19:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-10-09 07:19:06 ----D---- C:\Config.Msi
2013-10-09 07:19:03 ----RD---- C:\Program Files\Skype
2013-10-08 11:00:06 ----D---- C:\Firma
2013-10-08 08:10:12 ----D---- C:\Auto-diagnostika
2013-10-08 07:54:54 ----D---- C:\WINDOWS\SoftwareDistribution
2013-10-08 07:54:54 ----D---- C:\WINDOWS\Minidump
2013-10-08 07:54:54 ----D---- C:\WINDOWS\Debug
2013-10-08 07:46:53 ----SD---- C:\WINDOWS\Tasks
2013-10-08 07:32:23 ----D---- C:\WINDOWS\Resources
2013-10-08 07:14:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-10-07 15:46:00 ----A---- C:\WINDOWS\hc08.ini
2013-10-07 09:25:15 ----D---- C:\Program Files\Immo Bypass v2.0.0.1
2013-10-04 12:26:41 ----D---- C:\ADCDA2
2013-09-27 11:31:31 ----D---- C:\Program Files\MultiProg
2013-09-26 18:26:30 ----A---- C:\WINDOWS\hc912.ini
2013-09-26 13:38:48 ----D---- C:\Program Files\Immo Bypass v3.4

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AppleCharger;AppleCharger; C:\WINDOWS\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-10-11 232512]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2012-10-08 104736]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2010-03-19 23360]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 DS1410D;DS1410D; C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS [2005-07-07 6689]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 pardrv;pardrv; C:\WINDOWS\system32\drivers\pardrv.sys [2008-01-23 9728]
R2 PEDRV;P&E Microcomputer System PCI Driver.; C:\WINDOWS\system32\drivers\PEDRV.sys [2009-10-16 28080]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]
R2 STM Parallel Driver;STM Parallel Driver; \??\C:\WINDOWS\system32\drivers\parstm.sys []
R2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 adatadrv;Autodata Protection Service; C:\WINDOWS\system32\DRIVERS\adatadrv.sys [2009-07-01 762112]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2011-07-19 160288]
R3 BrUsbScn;Ovladač skeneru Brother MFC USB; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-07-22 26240]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-04-21 1917344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-02-25 5864480]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 PciPPorts;PCI ECP Parallel Port; C:\WINDOWS\system32\DRIVERS\PciPPorts.sys [2009-07-23 82944]
R3 PciSPorts;High-Speed PCI Serial Port; C:\WINDOWS\system32\DRIVERS\PciSPorts.sys [2008-12-19 115200]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2010-11-08 199912]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 AMTCAR;Amt-Cartech System Driver (AmtCar.Sys); C:\WINDOWS\System32\Drivers\AmtCar.sys [2007-03-03 31712]
S3 BTCFilterService;USB Networking Driver Filter Service; C:\WINDOWS\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CTU2K;CTU2K.SYS CTU2K device driver; C:\WINDOWS\System32\Drivers\CTU2K.sys [2003-01-24 24197]
S3 CYUSB3;UPA-USB3.0 Driver; C:\WINDOWS\System32\Drivers\UPAUSB.sys [2013-02-05 49320]
S3 ezusb;ezusb; C:\WINDOWS\system32\DRIVERS\ezusb.sys []
S3 FTD2XX;VAGUSB.sys VAG-Com USB driver; C:\WINDOWS\System32\Drivers\VAGUSB.sys [2003-10-30 25596]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2011-08-25 73096]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GIVEIO;GIVEIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\GIVEIO.SYS []
S3 HS4l;Handyscope HS4 driver (before renumeration); C:\WINDOWS\system32\DRIVERS\HS4l.sys [2010-02-26 18944]
S3 HS4r;Handyscope HS4 driver; C:\WINDOWS\system32\DRIVERS\HS4r.sys [2010-02-26 19840]
S3 jlink;J-Link driver; C:\WINDOWS\System32\Drivers\jlink.sys [2009-10-12 14208]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2012-06-11 20864]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2012-01-25 8448]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2012-06-08 6656]
S3 Motousbnet;Motorola USB Networking Driver Service; C:\WINDOWS\system32\DRIVERS\Motousbnet.sys [2012-06-08 23808]
S3 motusbdevice;Motorola USB Dev Driver; C:\WINDOWS\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2013-10-07 50704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RT-USB;Ross-Tech USB driver; C:\WINDOWS\system32\drivers\RT-USB.SYS [2010-06-16 59464]
S3 SIUSBXP;SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [2011-10-10 14592]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SmokXX;SmokXX.SYS FT8U2XX device driver; C:\WINDOWS\System32\Drivers\SmokXX.sys [2011-08-18 29292]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 umpusbxp;VCP Serial Port Driver; C:\WINDOWS\system32\DRIVERS\umpusbxp.sys [2007-08-21 76768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VCommUSB;Service for ACTIA USB Devices; C:\WINDOWS\System32\Drivers\VCommUSB.sys [2008-12-15 40576]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zlportio;zlportio; \??\Z:\Car\Dashboard\Utility\Calculators\Licznik 8 novy !!!!\Licznik 8\licznic686\licznik8\zlportio.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-19 2480048]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2010-03-18 126976]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\APP\FIREBIRD\bin\fbguard.exe [2007-01-31 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LcSvrAdm;ELSA Administration Service; C:\ElsaWin\bin\LcSvrAdm.exe [2009-07-06 147456]
R2 LcSvrDba;ELSA DBA Server; C:\ElsaWin\bin\LcSvrDba.exe [2009-07-06 241664]
R2 LcSvrHis;ELSA Historie Server; C:\ElsaWin\bin\LcSvrHis.exe [2009-07-06 217088]
R2 LcSvrPAS;ELSA PASS Server; C:\ElsaWin\bin\LcSvrPas.exe [2009-07-06 368640]
R2 LcSvrSaz;ELSA APOSpro Server; C:\ElsaWin\bin\LcSvrSaz.exe [2009-07-06 258048]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Motorola Device Manager;Motorola Device Manager Service; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-24 120728]
R2 MSSQL$SFN;MSSQL$SFN; C:\Program Files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe [2002-12-17 7520337]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-11 328992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2008-07-11 226592]
R2 VSGate;ELSA Vaudis Service; C:\ElsaWin\bin\VSgate.exe [2009-07-06 81920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\APP\FIREBIRD\bin\fbserver.exe [2007-01-31 1527893]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service; C:\ElsaWin\bin\LcSvrAuf.exe [2009-07-06 1306624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-08 116648]
S2 ivscheduler;Mcontrol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]
S2 W8335XP;Hsfhwazl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 WorkshopDBService;WorkshopDBService; C:\PROGRA~1\VIVIDW~1\WORKSH~1.EXE [2011-11-28 114688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 AppleChargerSrv;AppleChargerSrv; C:\WINDOWS\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-08 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 SQLAgent$SFN;SQLAgent$SFN; C:\Program Files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Roli]

Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po té proběhne sken a po jeho skončení klikni na Report a to co na Tebe vypadne mi sem zkopíruj.


Koukám, že tam máš Mbam, našel něco ?


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.


P.S. měj trpělivost, budu tady zase až k večeru

[sartaj]

# AdwCleaner v3.010 - Report created 21/10/2013 at 12:29:34
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Standa - STANIK
# Running from : C:\A lek\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Standa\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1844 octets] - [21/10/2013 08:43:58]
AdwCleaner[R1].txt - [698 octets] - [21/10/2013 12:29:34]
AdwCleaner[S0].txt - [1935 octets] - [21/10/2013 08:47:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [817 octets] ##########

[sartaj]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.10.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Standa :: STANIK [administrátor]

21.10.2013 12:38:40
mbam-log-2013-10-21 (12-38-40).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 219700
Uplynulý čas: 4 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[sartaj]

Tak a Combofix identifikoval ROOT Kill a vypada ze se s nim dokazal vyporadat. Zde je log

ComboFix 13-10-19.02 - Standa 21.10.2013 12:54:34.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3292.2802 [GMT 2:00]
Spuštěný z: c:\documents and settings\Standa\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Standa\Local Settings\Data aplikací\MSGBOX.EXE
c:\documents and settings\Standa\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-21 do 2013-10-21 )))))))))))))))))))))))))))))))
.
.
2013-10-21 09:37 . 2013-10-21 09:37 -------- d-----w- C:\rsit
2013-10-21 07:01 . 2013-10-21 07:01 -------- d-----w- C:\FRST
2013-10-21 06:43 . 2013-10-21 10:30 -------- d-----w- C:\AdwCleaner
2013-10-21 05:46 . 2013-10-21 05:46 -------- d-----w- c:\documents and settings\Standa\Local Settings\Data aplikací\iolo
2013-10-21 05:46 . 2013-10-21 05:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\iolo
2013-10-16 10:32 . 2013-10-16 10:32 -------- d-----w- c:\program files\Professional Lambda Remover
2013-10-16 10:32 . 2013-10-16 10:32 -------- d-----w- c:\program files\Professional DPF Remover
2013-10-16 10:32 . 2013-10-16 10:32 -------- d-----w- c:\program files\Professional EGR Remover
2013-10-09 07:24 . 2013-10-09 08:24 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-09 05:23 . 2013-10-09 05:23 -------- d-----w- C:\Dell
2013-10-08 05:46 . 2013-10-08 05:46 -------- d-----w- c:\documents and settings\Standa\Data aplikací\SUPERAntiSpyware.com
2013-10-08 05:45 . 2013-10-17 07:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-08 05:45 . 2013-10-08 05:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2013-10-07 14:08 . 2013-10-07 14:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ngXrVU33
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 08:24 . 2012-06-26 05:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 08:24 . 2011-05-18 05:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-04 14:46 . 2013-09-04 14:46 24576 ----a-w- c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll
2013-08-13 09:31 . 2011-01-24 12:44 178863 ----a-w- c:\windows\Multi Protocol Programming System Uninstaller.exe
2013-08-09 01:56 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2004-08-17 13:44 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-17 13:49 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"djolert"="c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll" [2013-09-04 24576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-17 5706480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-25 18791456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 5074384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Standa\Nabídka Start\Programy\Po spuštění\
DOSPRN.lnk - c:\program files\DOSPRN\DOSprn.exe [2011-1-24 815104]
RT-Updater.lnk - c:\auto-diagnostika\vagcom.exe Update [2013-1-21 1164288]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ADnews.lnk - c:\auto-diagnostika\Auto-diagnostika.exe [2013-1-31 1368632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ADnews.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ADnews.lnk
backup=c:\windows\pss\ADnews.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Standa^Nabídka Start^Programy^Po spuštění^RT-Updater.lnk]
path=c:\documents and settings\Standa\Nabídka Start\Programy\Po spuštění\RT-Updater.lnk
backup=c:\windows\pss\RT-Updater.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PsaStart"=c:\applic\ddc\bin\psastart.exe c:\applic\ddc\bin\psaagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APP\\PPS\\mozilla.exe"=
"c:\\APPLIC\\Portail\\mozilla.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\pemicro\\prog08sz\\prog08sz.exe"=
"c:\\Program Files\\Air Live IP Wizard II\\IPWizardII.exe"=
"c:\\Program Files\\VideoViewer\\VideoViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [19.7.2011 7:42 911680]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [23.1.2011 22:53 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.10.2011 7:42 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8.10.2012 9:21 121216]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8.10.2012 9:21 104736]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23.5.2013 22:11 119056]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [19.7.2011 7:42 2480048]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [26.11.2012 14:34 1329304]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\app\FIREBIRD\bin\fbguard.exe -s --> c:\app\FIREBIRD\bin\fbguard.exe -s [?]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [8.4.2013 8:37 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [8.4.2013 8:37 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [8.4.2013 8:37 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [8.4.2013 8:37 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [8.4.2013 8:37 258048]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [24.10.2012 0:58 120728]
R2 MSSQL$SFN;MSSQL$SFN;c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe -sSFN --> c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe -sSFN [?]
R2 pardrv;pardrv;c:\windows\system32\drivers\pardrv.sys [24.1.2011 8:11 9728]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [16.10.2009 16:28 28080]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.7.2008 2:02 328992]
R2 STM Parallel Driver;STM Parallel Driver;c:\windows\system32\drivers\parstm.sys [3.7.2012 15:19 35040]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [8.4.2013 8:37 81920]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [15.2.2011 15:09 762112]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [19.7.2011 7:42 160288]
R3 BrUsbScn;Ovladač skeneru Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [24.1.2011 9:27 10368]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\app\FIREBIRD\bin\fbserver.exe -s --> c:\app\FIREBIRD\bin\fbserver.exe -s [?]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [8.4.2013 8:37 1306624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.3.2012 12:06 22856]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [23.1.2011 23:00 82944]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [23.1.2011 23:00 115200]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.3.2012 12:06 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 8:52 162672]
S2 WorkshopDBService;WorkshopDBService;c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService --> c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23.1.2011 22:41 1691480]
S3 AMTCAR;Amt-Cartech System Driver (AmtCar.Sys);c:\windows\system32\drivers\AmtCar.sys [22.4.2009 13:27 31712]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [29.11.2012 10:02 6016]
S3 CTU2K;CTU2K.SYS CTU2K device driver;c:\windows\system32\drivers\CTU2K.sys [24.1.2011 12:20 24197]
S3 CYUSB3;UPA-USB3.0 Driver;c:\windows\system32\drivers\UPAUSB.sys [13.9.2013 17:50 49320]
S3 ezusb;ezusb;c:\windows\system32\DRIVERS\ezusb.sys --> c:\windows\system32\DRIVERS\ezusb.sys [?]
S3 FTD2XX;VAGUSB.sys VAG-Com USB driver;c:\windows\system32\drivers\VAGUSB.sys [24.1.2011 12:19 25596]
S3 HS4l;Handyscope HS4 driver (before renumeration);c:\windows\system32\drivers\HS4l.sys [12.5.2011 13:37 18944]
S3 HS4r;Handyscope HS4 driver;c:\windows\system32\drivers\HS4r.sys [12.5.2011 13:37 19840]
S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [7.10.2011 8:15 14208]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [29.11.2012 10:02 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [29.11.2012 10:02 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [29.11.2012 10:02 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [29.11.2012 10:02 11008]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.12.2011 8:16 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.12.2011 8:16 8576]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [28.3.2012 13:45 59464]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [20.1.2012 12:10 14592]
S3 SmokXX;SmokXX.SYS FT8U2XX device driver;c:\windows\system32\drivers\SmokXX.sys [3.9.2012 9:26 29292]
S3 SQLAgent$SFN;SQLAgent$SFN;c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlagent.EXE -i SFN --> c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlagent.EXE -i SFN [?]
S3 VCommUSB;Service for ACTIA USB Devices;c:\windows\system32\drivers\VCommUSB.sys [24.1.2011 13:57 40576]
S3 zlportio;zlportio;\??\z:\car\Dashboard\Utility\Calculators\Licznik 8 novy !!!!\Licznik 8\licznic686\licznik8\zlportio.sys --> z:\car\Dashboard\Utility\Calculators\Licznik 8 novy !!!!\Licznik 8\licznic686\licznik8\zlportio.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 10:16 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 08:24]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 05:47]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 05:47]
.
2013-10-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 843019b9-847c-4d4e-9095-a43973afff18.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-10-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a851042c-bbdd-46de-97da-d5c6594b053a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} - hxxp://178.72.207.174/classes/OvisLinkCamV_H264.cab
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://192.168.1.109/AVC_AX_742.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-BCU - c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
AddRemove-Carteclef_1.4 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-21 13:03
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(764)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\windows\system32\crypserv.exe
c:\app\FIREBIRD\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\BRMFRSMG.EXE
c:\app\FIREBIRD\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2013-10-21 13:07:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-21 11:07
.
Před spuštěním: Volných bajtů: 422 757 740 544
Po spuštění: Volných bajtů: 422 676 201 472
.
- - End Of File - - 770740DB922CA0705888FB94B08F7BF0
413FC2A0C716421B3158746D63736515

[sartaj]

Takze vsechno asi spatne, Combofix porad identifikuje Rootkit a v exploreru mi stale jednou za cas vyskakuji takove ty male okna jako ze sem vyhral iPhone apod. Jo a kdyz kliknu na odkaz nejakeho downloadu, proste chci stahnout nekakou utilitu na cisteni kompu nebo jiny programek, tak me to obcas presmeruje na jiny download a nuti mi to instalaci kdovi ceho.

[Roli]

Takze vsechno asi spatne, ..........

Však jsme také ještě nezkončili.


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

KillAll::

File::  
c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll
C:\WINDOWS\tasks\tmtxnbi.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"djolert"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\djolert]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci


Pak se zeptám, tohle znáš :

C:\Documents and Settings\All Users\Data aplikací\ngXrVU33

[sartaj]

Pak se zeptám, tohle znáš :

C:\Documents and Settings\All Users\Data aplikací\ngXrVU33[/quote]


Neznam, a ta ikona jednoho souboru v tom adresare je mi hodne povedoma. Mam to smazat??

[sartaj]

ComboFix 13-10-21.01 - Standa 22.10.2013 8:05.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3292.2799 [GMT 2:00]
Spuštěný z: c:\documents and settings\Standa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Standa\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll"
"c:\windows\tasks\tmtxnbi.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-22 do 2013-10-22 )))))))))))))))))))))))))))))))
.
.
2013-10-21 17:10 . 2013-10-21 17:10 -------- d-----w- C:\30e5266ce5920a3c32
2013-10-21 13:19 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-21 13:18 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-21 13:18 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-21 13:18 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-21 13:18 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-21 13:18 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-21 13:18 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-21 13:18 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-21 09:37 . 2013-10-21 09:37 -------- d-----w- C:\rsit
2013-10-21 07:01 . 2013-10-21 07:01 -------- d-----w- C:\FRST
2013-10-21 06:43 . 2013-10-21 10:30 -------- d-----w- C:\AdwCleaner
2013-10-21 05:46 . 2013-10-21 05:46 -------- d-----w- c:\documents and settings\Standa\Local Settings\Data aplikací\iolo
2013-10-21 05:46 . 2013-10-21 05:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\iolo
2013-10-16 10:32 . 2013-10-16 10:32 -------- d-----w- c:\program files\Professional Lambda Remover
2013-10-16 10:32 . 2013-10-16 10:32 -------- d-----w- c:\program files\Professional DPF Remover
2013-10-16 10:32 . 2013-10-16 10:32 -------- d-----w- c:\program files\Professional EGR Remover
2013-10-09 07:24 . 2013-10-09 08:24 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-09 05:23 . 2013-10-09 05:23 -------- d-----w- C:\Dell
2013-10-08 05:46 . 2013-10-08 05:46 -------- d-----w- c:\documents and settings\Standa\Data aplikací\SUPERAntiSpyware.com
2013-10-08 05:45 . 2013-10-17 07:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-08 05:45 . 2013-10-08 05:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2013-10-07 14:08 . 2013-10-07 14:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ngXrVU33
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 08:24 . 2012-06-26 05:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 08:24 . 2011-05-18 05:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2004-08-17 13:49 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2004-08-17 13:49 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2013-09-04 14:46 . 2013-09-04 14:46 24576 ----a-w- c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll
2013-08-29 07:01 . 2004-08-17 13:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2011-12-13 06:19 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-13 09:31 . 2011-01-24 12:44 178863 ----a-w- c:\windows\Multi Protocol Programming System Uninstaller.exe
2013-08-09 01:56 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-03 21:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-01-24 07:27 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2001-10-25 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-17 13:49 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-17 5706480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-25 18791456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 144920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 5074384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Standa\Nabídka Start\Programy\Po spuštění\
DOSPRN.lnk - c:\program files\DOSPRN\DOSprn.exe [2011-1-24 815104]
RT-Updater.lnk - c:\auto-diagnostika\vagcom.exe Update [2013-1-21 1164288]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
ADnews.lnk - c:\auto-diagnostika\Auto-diagnostika.exe [2013-1-31 1368632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ADnews.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ADnews.lnk
backup=c:\windows\pss\ADnews.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Service Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Standa^Nabídka Start^Programy^Po spuštění^RT-Updater.lnk]
path=c:\documents and settings\Standa\Nabídka Start\Programy\Po spuštění\RT-Updater.lnk
backup=c:\windows\pss\RT-Updater.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PsaStart"=c:\applic\ddc\bin\psastart.exe c:\applic\ddc\bin\psaagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APP\\PPS\\mozilla.exe"=
"c:\\APPLIC\\Portail\\mozilla.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\pemicro\\prog08sz\\prog08sz.exe"=
"c:\\Program Files\\Air Live IP Wizard II\\IPWizardII.exe"=
"c:\\Program Files\\VideoViewer\\VideoViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [19.7.2011 7:42 911680]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [23.1.2011 22:53 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11.10.2011 7:42 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8.10.2012 9:21 121216]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8.10.2012 9:21 104736]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23.5.2013 22:11 119056]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [19.7.2011 7:42 2480048]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [26.11.2012 14:34 1329304]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\app\FIREBIRD\bin\fbguard.exe -s --> c:\app\FIREBIRD\bin\fbguard.exe -s [?]
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [8.4.2013 8:37 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [8.4.2013 8:37 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [8.4.2013 8:37 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [8.4.2013 8:37 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [8.4.2013 8:37 258048]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [24.10.2012 0:58 120728]
R2 MSSQL$SFN;MSSQL$SFN;c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe -sSFN --> c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe -sSFN [?]
R2 pardrv;pardrv;c:\windows\system32\drivers\pardrv.sys [24.1.2011 8:11 9728]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [16.10.2009 16:28 28080]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.7.2008 2:02 328992]
R2 STM Parallel Driver;STM Parallel Driver;c:\windows\system32\drivers\parstm.sys [3.7.2012 15:19 35040]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [8.4.2013 8:37 81920]
R3 adatadrv;Autodata Protection Service;c:\windows\system32\drivers\adatadrv.sys [15.2.2011 15:09 762112]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [19.7.2011 7:42 160288]
R3 BrUsbScn;Ovladač skeneru Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [24.1.2011 9:27 10368]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\app\FIREBIRD\bin\fbserver.exe -s --> c:\app\FIREBIRD\bin\fbserver.exe -s [?]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [8.4.2013 8:37 1306624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.3.2012 12:06 22856]
R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [23.1.2011 23:00 82944]
R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [23.1.2011 23:00 115200]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5.3.2012 12:06 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [25.7.2013 8:52 162672]
S2 WorkshopDBService;WorkshopDBService;c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService --> c:\progra~1\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23.1.2011 22:41 1691480]
S3 AMTCAR;Amt-Cartech System Driver (AmtCar.Sys);c:\windows\system32\drivers\AmtCar.sys [22.4.2009 13:27 31712]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [29.11.2012 10:02 6016]
S3 CTU2K;CTU2K.SYS CTU2K device driver;c:\windows\system32\drivers\CTU2K.sys [24.1.2011 12:20 24197]
S3 CYUSB3;UPA-USB3.0 Driver;c:\windows\system32\drivers\UPAUSB.sys [13.9.2013 17:50 49320]
S3 ezusb;ezusb;c:\windows\system32\DRIVERS\ezusb.sys --> c:\windows\system32\DRIVERS\ezusb.sys [?]
S3 FTD2XX;VAGUSB.sys VAG-Com USB driver;c:\windows\system32\drivers\VAGUSB.sys [24.1.2011 12:19 25596]
S3 HS4l;Handyscope HS4 driver (before renumeration);c:\windows\system32\drivers\HS4l.sys [12.5.2011 13:37 18944]
S3 HS4r;Handyscope HS4 driver;c:\windows\system32\drivers\HS4r.sys [12.5.2011 13:37 19840]
S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [7.10.2011 8:15 14208]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [29.11.2012 10:02 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [29.11.2012 10:02 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [29.11.2012 10:02 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [29.11.2012 10:02 11008]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13.12.2011 8:16 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13.12.2011 8:16 8576]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [28.3.2012 13:45 59464]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [20.1.2012 12:10 14592]
S3 SmokXX;SmokXX.SYS FT8U2XX device driver;c:\windows\system32\drivers\SmokXX.sys [3.9.2012 9:26 29292]
S3 SQLAgent$SFN;SQLAgent$SFN;c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlagent.EXE -i SFN --> c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlagent.EXE -i SFN [?]
S3 VCommUSB;Service for ACTIA USB Devices;c:\windows\system32\drivers\VCommUSB.sys [24.1.2011 13:57 40576]
S3 zlportio;zlportio;\??\z:\car\Dashboard\Utility\Calculators\Licznik 8 novy !!!!\Licznik 8\licznic686\licznik8\zlportio.sys --> z:\car\Dashboard\Utility\Calculators\Licznik 8 novy !!!!\Licznik 8\licznic686\licznik8\zlportio.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 10:16 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 08:24]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 05:47]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-08 05:47]
.
2013-10-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 843019b9-847c-4d4e-9095-a43973afff18.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-10-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a851042c-bbdd-46de-97da-d5c6594b053a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {336C9D79-263A-4D75-AA7C-60DAF945AE67} - hxxp://178.72.207.174/classes/OvisLinkCamV_H264.cab
DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://192.168.1.109/AVC_AX_742.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-22 08:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\windows\system32\crypserv.exe
c:\app\FIREBIRD\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Microsoft SQL Server\MSSQL$SFN\Binn\sqlservr.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\BRMFRSMG.EXE
c:\app\FIREBIRD\bin\fbserver.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2013-10-22 08:16:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-22 06:16
ComboFix2.txt 2013-10-21 14:25
ComboFix3.txt 2013-10-21 13:17
ComboFix4.txt 2013-10-21 11:07
.
Před spuštěním: Volných bajtů: 421 514 539 008
Po spuštění: Volných bajtů: 421 585 997 824
.
- - End Of File - - 29434D28CBABD32E0DB095F8073A3F98
413FC2A0C716421B3158746D63736515

[sartaj]

Halo halo je tu nekdo, pomozte mi to prosim doresit. Je to komp v praci jsem bez nej nahrany.

Diky

[cernohous13]

Zdravím a kolega promine

Výňatek z našich pravidel, která sis bohužel nepřečetl.

6. Fórum viry.cz se nezabývá odvirováním firemních PC - na toto jsou ve firmách placení (a někdy až hodně nadstandardně) IT technici, případně si je firma může najmout. My jsme tu zdarma a ve svém volném čase, nehodláme dělat práci za někoho jiného, kdo si pak jen slízne smetánku a plat. Taktéž ani neposkytujeme poradenství v oblasti zabezpečení firemních sítí či nastavení firemních sítí. Zkrátka a jednoduše, naše fórum poskytuje podporu pouze domácím uživatelům.

Je na rozhodnutí řešitele jestli budete pokračovat - ale až on bude mít volno a chuť, tlačit na nás nemůžeš

[Roli]

Halo halo je tu nekdo, pomozte mi to prosim doresit. Je to komp v praci jsem bez nej nahrany.

Jak již psal cernohous13, když to tak pospíchá a je to firemní PC tak si na to zavolej nějakého IT technika který nebude zrovna levný, já jsem tu ve svém volném čase a zadarmo aby bylo jasno. Ty sis to docela zaneřádil stahováním nevím čeho a když to mám dát dohromady tak mě laskavě nehoň.

Pak se zeptám, tohle znáš :

C:\Documents and Settings\All Users\Data aplikací\ngXrVU33

Neznam, a ta ikona jednoho souboru v tom adresare je mi hodne povedoma. Mam to smazat??

No když je Ti tam něco povědomé asi bych to nemazal, ptal jsem se proto, že máš nějaký softík na diagnostiku aut a u něho nevím co si kam a pod jakým názvem ukládá tak aby nebyl problém když by se to smázlo a patřilo to zrovna k němu. Když tak ty soubory v té složce otestuj na VIRUSTOTAL


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"djolert"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\djolert]

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[sartaj]

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
DllUnregisterServer procedure not found in c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll
c:\documents and settings\Standa\Local Settings\Data aplikací\djolert.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\djolert not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\djolert\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Standa
->Temp folder emptied: 116938 bytes
->Temporary Internet Files folder emptied: 17474551 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3310 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3072 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10222013_103826

Files moved on Reboot...

Registry entries deleted on Reboot...