PC virus removal, computer speed-up, remote help via the neslape.cz service

Slow PC, trojan Ex Options

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
leos65
Visitor
Posts: 4
Registered: 05 Aug 2011 16:48

Slow PC, trojan Ex Options

#1 Post by leos65 »

Hello. I am asking for advice. Spyware Terminator found the trojan Ex Options on my machine, and it cannot be deleted. Having read the threads about this problem, I should note that I do not have and have never had an ESET program installed; I only occasionally use the online scanner from the above-mentioned company. I am sending the log. Thank you for your help.
OTL logfile created on: 5.8.2011 19:21:40 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,02% Memory free
3,85 Gb Paging File | 2,97 Gb Available in Paging File | 77,12% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 171,88 Gb Total Space | 121,05 Gb Free Space | 70,43% Space Free | Partition Type: NTFS
Drive D: | 293,88 Gb Total Space | 293,10 Gb Free Space | 99,74% Space Free | Partition Type: NTFS

Computer Name: XXX-EF4A8A80FD1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.05 19:21:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\OTL(1).exe
PRC - [2011.08.01 21:47:36 | 002,183,680 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011.08.01 21:47:36 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.07.20 14:50:16 | 000,884,120 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe
PRC - [2011.07.20 14:50:02 | 002,655,640 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe
PRC - [2011.07.05 21:38:00 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.06.29 15:59:30 | 000,432,848 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011.06.16 06:30:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.01 23:48:48 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011.06.01 23:48:26 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011.06.01 23:48:12 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2010.12.13 14:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010.08.05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.16 09:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.05.16 09:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011.08.05 19:21:15 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\OTL(1).exe
MOD - [2011.06.25 17:15:13 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\midas32.dll
MOD - [2011.05.19 12:21:24 | 000,276,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\plugin_nt.m32
MOD - [2011.03.14 20:36:16 | 000,166,912 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\plugin_extra.m32
MOD - [2011.03.14 20:35:18 | 000,089,600 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\plugin_net.m32
MOD - [2011.03.14 20:35:00 | 000,657,408 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\plugin_fragments.m32
MOD - [2011.03.14 20:34:32 | 000,120,832 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\plugin_registry.m32
MOD - [2011.03.14 20:34:16 | 000,136,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00094_006\plugin_base.m32
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - [2011.08.01 21:47:36 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011.07.20 14:50:16 | 000,884,120 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService)
SRV - [2011.07.05 21:38:00 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.01 23:48:26 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011.06.01 23:48:12 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2011.05.28 23:39:56 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2010.11.30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.08.05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)


========== Driver Services (SafeList) ==========

DRV - [2011.08.01 21:47:36 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.07.20 14:47:48 | 000,012,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys -- (LiveTunerPM)
DRV - [2011.06.30 12:35:06 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011.06.01 23:48:49 | 000,153,440 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2011.06.01 23:48:17 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (Trufos)
DRV - [2011.03.24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011.02.24 18:41:12 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.02.16 15:22:48 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2010.11.29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2010.11.29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2010.08.20 18:41:52 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.05.13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.08.13 13:51:54 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2009.08.13 13:51:53 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2009.08.13 13:51:53 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2009.08.13 13:51:53 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2009.08.13 13:51:52 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2009.06.02 18:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.30 21:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.04.14 00:14:42 | 000,020,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2007.10.01 12:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.06.27 09:14:35 | 000,066,560 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.05.16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2001.10.25 16:00:00 | 000,012,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-2049760794-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011.06.24 15:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2011.08.01 21:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.31 13:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011.07.31 13:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2011.08.01 18:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\8qs7zrw8.default\extensions
[2011.08.01 18:40:35 | 000,000,000 | ---D | M] (Seznam lištiÄŤka) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\8qs7zrw8.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.07.31 13:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.07.31 13:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.07.31 13:12:58 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\8QS7ZRW8.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2011.06.24 15:10:42 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2010.12.12 23:18:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.05.17 11:21:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.16 06:30:16 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001.10.25 16:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-2049760794-839522115-500\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-2049760794-839522115-500\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner] C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKU\S-1-5-21-1606980848-2049760794-839522115-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1606980848-2049760794-839522115-500..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2049760794-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2049760794-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.18 19:00:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{72e72b56-bbbf-11de-9135-001e0ba7e120}\Shell - "" = AutoRun
O33 - MountPoints2\{72e72b56-bbbf-11de-9135-001e0ba7e120}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{d1b57972-5cf0-11de-8f91-001e0ba7e120}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.05 18:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\ruka
[2011.08.05 18:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.05 18:20:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.05 17:28:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.08.05 17:10:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011.08.01 23:32:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.01 22:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.08.01 21:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Crawler lišta
[2011.08.01 21:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2011.08.01 21:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Spyware Terminator
[2011.08.01 21:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.08.01 21:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
[2011.08.01 21:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.08.01 18:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\bdch
[2011.07.31 20:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\YouTube Downloader
[2011.07.31 13:13:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2011.07.31 13:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.07.30 12:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\GARMIN
[2011.07.28 10:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\QuickScan
[2011.07.19 06:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoft
[2011.07.13 07:33:09 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011.07.09 21:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft
[2011.07.09 21:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Rockstar Games
[2011.07.09 21:15:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací\SecuROM
[2011.07.09 21:11:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2011.07.09 21:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011.07.09 17:54:04 | 000,000,000 | ---D | C] -- C:\TopCD
[2011.07.09 17:54:03 | 000,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011.07.09 17:54:02 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011.07.09 17:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\X2CZ
[2011.07.09 14:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Call of Duty
[2011.07.09 14:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Call of Duty
[2011.07.09 13:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.07.09 13:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2011.07.09 13:08:56 | 000,000,000 | ---D | C] -- C:\samoradio
[2011.07.09 13:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Code-it Software
[2011.07.09 13:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Code-it Software
[2009.06.22 08:04:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.05 19:00:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011.08.05 18:53:14 | 000,242,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\ruka.rar
[2011.08.05 18:52:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 17:29:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.05 17:29:32 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.08.05 17:29:17 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.05 17:29:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.05 16:57:41 | 000,444,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.05 16:57:41 | 000,441,522 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.05 16:57:41 | 000,084,178 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.05 16:57:41 | 000,072,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.05 15:54:41 | 000,000,490 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2011.08.04 22:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.08.02 11:48:42 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2011.08.02 11:07:45 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.01 22:29:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.08.01 22:29:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.08.01 22:25:47 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.08.01 21:50:14 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2011.08.01 21:47:36 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.07.31 13:13:00 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2011.07.30 22:03:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.07.24 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011.07.18 14:49:31 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Sony Ericsson PC Companion 2.0.lnk
[2011.07.16 13:15:57 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\vso_ts_preview.xml
[2011.07.13 10:25:00 | 000,247,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.13 07:33:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.09 21:36:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.09 17:54:03 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011.07.09 17:54:02 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011.07.09 14:03:50 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Call of Duty Single Player.lnk
[2011.07.09 14:03:50 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Call of Duty Multiplayer.lnk
[2011.07.09 14:03:48 | 000,000,761 | ---- | M] () -- C:\WINDOWS\COD.INI
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.05 18:53:11 | 000,242,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\ruka.rar
[2011.08.01 22:29:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.08.01 22:29:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.08.01 22:24:52 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.08.01 21:50:14 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2011.08.01 21:47:36 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.07.31 13:13:00 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
[2011.07.31 13:13:00 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2011.07.18 14:49:31 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Sony Ericsson PC Companion 2.0.lnk
[2011.07.10 10:50:51 | 000,150,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.07.09 21:36:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.07.09 14:03:50 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Call of Duty Single Player.lnk
[2011.07.09 14:03:50 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Call of Duty Multiplayer.lnk
[2011.07.09 14:03:48 | 000,000,761 | ---- | C] () -- C:\WINDOWS\COD.INI
[2011.06.27 06:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat
[2011.06.27 06:06:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat
[2011.05.29 20:34:13 | 000,073,600 | ---- | C] () -- C:\WINDOWS\System32\ezGOSvc.dll
[2011.05.19 17:35:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011.05.19 16:19:04 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2011.05.19 12:10:17 | 000,072,833 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\bdinstall.bin
[2011.04.02 21:00:46 | 000,048,836 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.02.05 14:47:39 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.02.05 14:47:39 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\PnkBstrK.sys
[2011.02.05 14:47:16 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.02.05 14:47:14 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011.02.05 14:47:14 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.11.18 21:21:28 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010.05.15 08:38:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\$_hpcst$.hpc
[2009.11.15 10:23:05 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\fusioncache.dat
[2009.09.15 10:26:09 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009.08.03 09:14:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.07.07 20:23:58 | 001,695,264 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.07.07 20:23:58 | 000,409,632 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009.07.05 01:05:33 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.03 12:51:31 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2009.06.25 17:29:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.22 08:04:59 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\vso_ts_preview.xml
[2009.06.22 08:04:11 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\inst.exe
[2009.06.22 08:04:11 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.cat
[2009.06.22 08:04:11 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\pcouffin.inf
[2009.06.22 00:00:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.06.21 23:31:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.20 08:04:47 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.06.18 20:39:35 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.18 20:38:33 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.06.18 20:11:48 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.18 20:07:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009.06.18 20:05:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.18 20:05:47 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.06.18 20:05:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.18 20:05:46 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.18 20:05:46 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.06.18 19:01:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.18 18:57:38 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.06.10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.06.10 06:03:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004.08.17 15:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.03 23:14:16 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2004.08.03 23:07:08 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\vga.sys
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.05.13 13:19:36 | 000,079,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\prodrv06.sys
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.10.25 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,444,600 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,441,522 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,084,178 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,072,476 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2001.10.25 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011.04.02 11:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\BabylonToolbar
[2011.05.19 12:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\BitDefender
[2011.07.09 13:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2011.08.02 00:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoft
[2011.08.02 00:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DVDVideoSoftIEHelpers
[2009.06.18 20:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ESET
[2011.07.30 12:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GARMIN
[2011.07.18 14:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\go
[2011.03.28 00:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2011.05.19 12:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\QuickScan
[2009.06.28 10:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sereniti
[2011.01.04 17:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Software Informer
[2010.12.26 14:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sony
[2011.08.05 18:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
[2010.10.24 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Tank Combat
[2011.07.16 13:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Vso
[2011.02.05 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.06.15 08:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\bdch
[2011.05.19 12:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BitDefender
[2011.07.09 17:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.06.25 17:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Dumps
[2011.06.20 23:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
[2010.10.29 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.12.25 22:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Fighters
[2011.04.14 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FreeApp
[2011.04.14 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2010.05.22 19:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\page
[2009.06.23 12:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
[2011.08.05 16:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.11.18 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.09.01 09:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2011.06.19 19:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.09.23 10:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.07.17 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011.07.28 10:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\QuickScan
[2011.05.19 12:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\QuickScan
[2011.08.04 22:24:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011.08.05 19:00:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2011.07.24 22:00:00 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2

< End of report >

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: ČR

Re: slow PC, trojan Ex options

#2 Post by Roli »

Hello, download ComboFix and save it to your desktop,

run the application as Administrator and allow the installation of the Recovery Console (Konzole pro zotavení).

Then a window with the licence terms appears, which you confirm by clicking YES,

then click YES once more and it starts running.

The whole process takes about 10 minutes but may take longer; do not try to start anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete the infected files and these programs may block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest at the weekend :all_coholic:

leos65
Guest
Posts: 4
Registered: 05 Aug 2011 16:48

Re: slow PC, trojan Ex options

#3 Post by leos65 »

Hello, I followed the instructions for downloading ComboFix. The program unpacked, installed the recovery bar and then started searching for the virus. So far so good. After about 6-8 minutes the program disappeared from the screen and the window with the search result that I was supposed to send you did not appear. The antivirus and shields were turned off. Then I scanned the PC with the antivirus and Spyware Terminator and no trojan was found any more. Still, I think I did something wrong. Should I uninstall ComboFix and try again? Thank you

leos65
Guest
Posts: 4
Registered: 05 Aug 2011 16:48

Re: slow PC, trojan Ex options

#4 Post by leos65 »

Hello. So, to be safe, I uninstalled the antivirus and Spyware Terminator, and ComboFix now runs fine. I am sending the ComboFix logs.

ComboFix 11-08-07.03 - Administrator 08.08.2011 15:13:42.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1479 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\twex.exe
c:\windows\system32\ezGOSvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EZGOSVC
-------\Service_ezGOSvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-08 do 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 13:03 . 2011-08-08 13:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-06 06:16 . 2011-08-06 06:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\!SASCORE
2011-08-05 16:20 . 2011-08-05 16:20 -------- d-----w- c:\program files\trend micro
2011-08-05 16:20 . 2011-08-05 16:21 -------- d-----w- C:\rsit
2011-08-01 21:32 . 2011-08-01 21:32 -------- d-----w- C:\_OTL
2011-08-01 20:24 . 2011-08-01 20:24 -------- d-----w- c:\program files\Lavasoft
2011-08-01 16:46 . 2011-08-01 16:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\bdch
2011-07-31 19:05 . 2011-03-17 13:49 782336 ----a-r- c:\windows\system32\tmp3A5.tmp
2011-07-31 19:04 . 2011-03-17 13:49 782336 ----a-r- c:\windows\system32\tmp3A3.tmp
2011-07-30 13:24 . 2011-07-30 13:24 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-30 10:02 . 2011-07-30 10:02 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\GARMIN
2011-07-28 08:18 . 2011-07-28 08:18 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\QuickScan
2011-07-19 04:53 . 2011-08-01 22:38 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\DVDVideoSoft
2011-07-09 19:17 . 2011-07-09 19:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Rockstar Games
2011-07-09 19:15 . 2011-07-09 19:15 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací\SecuROM
2011-07-09 19:11 . 2011-07-09 19:11 -------- d-----w- c:\windows\system32\xlive
2011-07-09 19:11 . 2011-07-09 19:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-07-09 15:54 . 2011-07-09 15:54 -------- d-----w- C:\TopCD
2011-07-09 15:54 . 2011-07-09 15:54 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-09 15:54 . 2011-07-09 15:54 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-09 15:54 . 2011-03-17 13:49 782336 ----a-r- c:\windows\system32\tmp1A.tmp
2011-07-09 15:54 . 2011-03-17 13:49 782336 ----a-r- c:\windows\system32\tmp19.tmp
2011-07-09 15:17 . 2011-08-01 19:25 -------- d-----w- c:\program files\X2CZ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 13:07 . 2011-05-19 10:10 414730 ----a-w- c:\documents and settings\All Users\Data aplikací\bdinstall.bin
2011-08-01 20:25 . 2011-04-13 17:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-07 13:20 . 2011-06-07 13:20 45056 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2011-06-07 13:20 . 2011-06-07 13:20 45056 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2011-06-07 13:20 . 2011-06-07 13:20 40960 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 21:39 . 2011-05-29 18:34 718208 ----a-w- c:\windows\system32\ezGOSvcApp.exe
2011-06-16 04:30 . 2011-07-31 11:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-06-29 432848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Ashampoo WinOptimizer Live-Tuner"="c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe" [2011-07-20 2655640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mockba to Berlin\\M2B.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Panzers1\\Run\\panzers.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\SilentHunterIII\\sh3.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 20:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29.6.2010 19:48 123264]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [23.7.2010 6:57 3029208]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys [21.6.2011 15:01 12696]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18.11.2010 21:21 583640]
R2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [21.6.2011 15:01 884120]
S1 MpKsl5b7cce01;MpKsl5b7cce01;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AF856256-956E-4CB0-A7B2-FE28683FA769}\MpKsl5b7cce01.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AF856256-956E-4CB0-A7B2-FE28683FA769}\MpKsl5b7cce01.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.10.2010 22:37 136176]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [23.7.2010 6:57 73728]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.10.2010 22:37 136176]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [25.12.2010 21:17 155344]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 20:36]
.
2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\8qs7zrw8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-OpenAL - c:\program files\OpenAL\openal.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-08 15:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-2049760794-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,0f,15,43,4e,52,42,4b,b3,8b,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,16,fb,c3,a4,d7,d1,4f,b7,f5,67,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,0f,15,43,4e,52,42,4b,b3,8b,e0,\
.
[HKEY_USERS\S-1-5-21-1606980848-2049760794-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:d6,f0,d9,8b,ca,de,6a,33,80,3e,9f,ec,57,df,44,44,de,e8,35,83,e2,
5f,2f,e0,f6,33,5b,ac,13,57,7e,99,86,15,a5,2f,b2,2f,77,5a,36,02,b2,c6,d9,f2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1788)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
.
**************************************************************************
.
Celkový čas: 2011-08-08 15:22:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-08 13:22
.
Před spuštěním: Volných bajtů: 131 207 639 040
Po spuštění: Volných bajtů: 131 171 622 912
.
- - End Of File - - 8B19C07AF187E215108B7D48D1446505

After running Spyware Terminator again, no trojan horse was found any more. Thank you for further instructions

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: ČR

Re: slow PC, trojan Ex options

#5 Post by Roli »

If you have not done so already, move ComboFix to the desktop,

open Notepad

and copy the script from the following box into it:

Code:

File::
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\system32\tmp3A5.tmp
c:\windows\system32\tmp3A3.tmp
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\tmp1A.tmp
c:\windows\system32\tmp19.tmp
c:\windows\system32\ezGOSvcApp.exe

Save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it:

[image]

After it is applied, another log will pop up; copy it here.

Warning: it may happen that after applying the script and restarting, Windows does not boot;

in that case restart again, pressing F8 while doing so, then choose Last Known Good Configuration.

leos65
Guest
Posts: 4
Registered: 05 Aug 2011 16:48

Re: slow PC, trojan Ex options

#6 Post by leos65 »

Hello. I'm sending further logs as previously agreed.
ComboFix 11-08-08.03 - Administrator 09.08.2011 11:12:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1428 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\ezGOSvcApp.exe"
"c:\windows\system32\FlashPlayerCPLApp.cpl"
"c:\windows\system32\tmp19.tmp"
"c:\windows\system32\tmp1A.tmp"
"c:\windows\system32\tmp3A3.tmp"
"c:\windows\system32\tmp3A5.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\ezGOSvcApp.exe
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\system32\tmp19.tmp
c:\windows\system32\tmp1A.tmp
c:\windows\system32\tmp3A3.tmp
c:\windows\system32\tmp3A5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-08 13:44 . 2011-08-09 08:43 -------- d-----w- c:\program files\WinClamAVShield
2011-08-08 13:42 . 2011-08-08 13:42 -------- d-----w- c:\program files\Crawler
2011-08-08 13:41 . 2011-08-09 09:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-08-08 13:41 . 2011-08-09 08:46 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Spyware Terminator
2011-08-08 13:41 . 2011-08-08 13:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-08-08 13:41 . 2011-08-08 13:52 -------- d-----w- c:\program files\Spyware Terminator
2011-08-06 06:16 . 2011-08-06 06:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\!SASCORE
2011-08-05 16:20 . 2011-08-05 16:20 -------- d-----w- c:\program files\trend micro
2011-08-05 16:20 . 2011-08-05 16:21 -------- d-----w- C:\rsit
2011-08-01 21:32 . 2011-08-01 21:32 -------- d-----w- C:\_OTL
2011-08-01 20:24 . 2011-08-01 20:24 -------- d-----w- c:\program files\Lavasoft
2011-08-01 16:46 . 2011-08-01 16:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\bdch
2011-07-30 10:02 . 2011-07-30 10:02 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\GARMIN
2011-07-28 08:18 . 2011-07-28 08:18 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\QuickScan
2011-07-19 04:53 . 2011-08-01 22:38 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 15:00 . 2011-05-19 10:10 988391 ----a-w- c:\documents and settings\All Users\Data aplikací\bdinstall.bin
2011-08-01 20:25 . 2011-04-13 17:48 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 15:54 . 2011-07-09 15:54 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-09 15:54 . 2011-07-09 15:54 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-07 13:20 . 2011-06-07 13:20 45056 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2011-06-07 13:20 . 2011-06-07 13:20 45056 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2011-06-07 13:20 . 2011-06-07 13:20 40960 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:30 . 2011-07-31 11:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-08_13.19.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-09 09:17 . 2011-08-09 09:17 16384 c:\windows\Temp\Perflib_Perfdata_690.dat
+ 2010-06-21 09:02 . 2011-08-08 13:22 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 23040 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 61440 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 27136 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 11264 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 86016 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 12288 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-09-23 03:47 . 2010-09-23 03:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 02:03 . 2010-09-23 02:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-20 22:07 . 2010-09-20 22:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2010-09-23 01:52 . 2010-09-23 01:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 17:12 . 2010-09-22 17:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 4096 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 409600 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 286720 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 249856 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 794624 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 135168 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-06-21 09:02 . 2011-07-13 05:33 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-06-21 09:02 . 2011-08-08 13:22 593920 c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-09-20 22:07 . 2010-09-20 22:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-10 17:17 . 2010-09-10 17:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-22 19:41 . 2010-09-22 19:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-20 22:07 . 2010-09-20 22:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-23 03:47 . 2010-09-23 03:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 17:04 . 2010-09-22 17:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-22 18:39 . 2010-09-22 18:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-20 22:07 . 2010-09-20 22:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2010-09-22 17:50 . 2010-09-22 17:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-05-17 16:28 . 2011-05-17 16:28 6862848 c:\windows\Installer\32929.msp
+ 2010-09-22 17:05 . 2010-09-22 17:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-06-19 16:51 . 2010-06-19 16:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\376295.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\376294.msp
+ 2011-02-24 07:38 . 2011-02-24 07:38 10984448 c:\windows\Installer\3293f.msp
+ 2010-09-23 02:03 . 2010-09-23 02:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-06-29 432848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-08-08 3037696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Ashampoo WinOptimizer Live-Tuner"="c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe" [2011-07-20 2655640]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2011-08-08 2183680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mockba to Berlin\\M2B.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Panzers1\\Run\\panzers.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\SilentHunterIII\\sh3.exe"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 20:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67664]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.8.2011 15:41 142592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29.6.2010 19:48 123264]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [23.7.2010 6:57 3029208]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys [21.6.2011 15:01 12696]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18.11.2010 21:21 583640]
R2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [21.6.2011 15:01 884120]
S1 MpKsl5b7cce01;MpKsl5b7cce01;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AF856256-956E-4CB0-A7B2-FE28683FA769}\MpKsl5b7cce01.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AF856256-956E-4CB0-A7B2-FE28683FA769}\MpKsl5b7cce01.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.10.2010 22:37 136176]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [23.7.2010 6:57 73728]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.10.2010 22:37 136176]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [25.12.2010 21:17 155344]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 20:36]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60076
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\8qs7zrw8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 11:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-2049760794-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,0f,15,43,4e,52,42,4b,b3,8b,e0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,16,fb,c3,a4,d7,d1,4f,b7,f5,67,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,0f,15,43,4e,52,42,4b,b3,8b,e0,\
.
[HKEY_USERS\S-1-5-21-1606980848-2049760794-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:d6,f0,d9,8b,ca,de,6a,33,80,3e,9f,ec,57,df,44,44,de,e8,35,83,e2,
5f,2f,e0,f6,33,5b,ac,13,57,7e,99,86,15,a5,2f,b2,2f,77,5a,36,02,b2,c6,d9,f2,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2676)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-08-09 11:21:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-09 09:21
ComboFix2.txt 2011-08-08 13:22
.
Pre-Run: 129 995 603 968 bytes free
Post-Run: 130 228 117 504 bytes free
.
- - End Of File - - 0727232B10309E50095AD77B215AE5B4
Thank you
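The CFScript step in Roli's post #5 and the log leos65 posted above are two halves of one check: did every path under File:: actually end up in the log's deletions section, and what in the post-run log still deserves a look. The script below is an added example for this thread, not code from ComboFix or from anyone in the thread. It parses a CFScript and a ComboFix log (abridged copies of the two above, embedded as constructed sample input), confirms each listed path appears under the deletions banner, and lists the residual review items a helper would go through next: the IE start page and search assistant entries, the tbr handler and IE menu item, and the Security Center AntiVirusOverride/FirewallOverride values. The banner regex, the section titles and the item patterns are my assumptions about ComboFix's log layout, not a documented format.

```python
"""Check a ComboFix CFScript run against the log it produced.

Added example for this thread, not ComboFix code. The banner, section
names and line patterns below are assumptions about the log layout.
"""
import re

# Constructed sample input: the File:: list from Roli's CFScript in post #5.
CFSCRIPT = r"""File::
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\system32\tmp3A5.tmp
c:\windows\system32\tmp3A3.tmp
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\tmp1A.tmp
c:\windows\system32\tmp19.tmp
c:\windows\system32\ezGOSvcApp.exe
"""

# Constructed sample input: an abridged copy of the ComboFix log in post #6,
# keeping only the banners and lines that the checks below look at.
COMBOFIX_LOG = r"""
(((((((((( Other Deletions ))))))))))
.
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\ezGOSvcApp.exe
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\system32\tmp19.tmp
c:\windows\system32\tmp1A.tmp
c:\windows\system32\tmp3A3.tmp
c:\windows\system32\tmp3A5.tmp
.
(((((((((( Reg Loading Points ))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60076
mStart Page = about:blank
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
"""

# A banner is a section title wrapped in runs of '(' / ')' or '-'.
BANNER = re.compile(r"^[(\-]{3,}\s*(.+?)\s*[)\-]{3,}$")
# Lower-cased titles of the section listing removed files (Czech original
# name and its English translation).
DELETION_SECTIONS = {"other deletions", "ostatní výmazy"}
# Residual items worth a second look: browser start/search settings, protocol
# handlers and IE menu/ActiveX entries, and Security Center overrides set to 1
# (they suppress the "no antivirus / no firewall" warnings).
BROWSER_SETTING = re.compile(r"^[um](Start Page|SearchAssistant|SearchURL)\b")
HANDLER = re.compile(r"^(Handler|IE|DPF):")
OVERRIDE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$')


def parse_cfscript(text):
    """Map each 'Directive::' to the non-empty lines that follow it."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            directives.setdefault(current, [])
        elif current is not None:
            directives[current].append(line)
    return directives


def parse_combofix_sections(text):
    """Split a ComboFix log into {section title: [content lines]}."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line not in ("", "."):  # '.' is ComboFix's spacer line
            sections[current].append(line)
    return sections


def verify_deletions(cfscript_text, log_text):
    """Return (deleted, missing): File:: paths found / not found in the deletions section."""
    wanted = parse_cfscript(cfscript_text).get("File", [])
    deleted = set()
    for title, lines in parse_combofix_sections(log_text).items():
        if title.lower() in DELETION_SECTIONS:
            deleted.update(l.strip('"').lower() for l in lines)
    done = [p for p in wanted if p.lower() in deleted]
    missing = [p for p in wanted if p.lower() not in deleted]
    return done, missing


def review_items(log_text):
    """Return (section, line) pairs a helper should still read after the run."""
    items = []
    for title, lines in parse_combofix_sections(log_text).items():
        for line in lines:
            if line.endswith("= about:blank"):  # a blank start page is not an indicator
                continue
            if BROWSER_SETTING.match(line) or HANDLER.match(line) or OVERRIDE.match(line):
                items.append((title, line))
    return items


if __name__ == "__main__":
    done, missing = verify_deletions(CFSCRIPT, COMBOFIX_LOG)
    print(f"deleted {len(done)}/{len(done) + len(missing)} File:: entries; missing: {missing}")
    for title, line in review_items(COMBOFIX_LOG):
        print(f"[{title}] {line}")
```

On the sample above all seven File:: paths are confirmed deleted and six review items are printed. A path that did not make it into the deletions section would come back under missing, which is the cue to re-check it in the next log rather than assume the script worked; the review items are not verdicts, only the lines to read before calling the machine clean.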

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: ČR

Re: slowed-down PC, trojan Ex options

#7 Post by Roli »

Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


One last thing: if you have WinClamAVShield installed, uninstall it via

Start >> Control Panel >> Add or Remove Programs,

if not, delete:

c:\program files\WinClamAVShield.


And if there is no longer any problem with the PC, that is all from my side.