PC malware removal, speeding up your computer, remote assistance via the neslape.cz service
NOD reports, doesn't clean, doesn't delete, computer slowdown
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
NOD reports, doesn't clean, doesn't delete, computer slowdown
Hello, NOD reports infiltrations to me, but it can't clean or delete them.
Here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:12, on 9.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
--
End of file - 7175 bytes
Hopefully I've posted what you need, thanks in advance
Re: NOD reports, doesn't clean, doesn't delete, computer slowdown
Good afternoon
What exactly does it report? In which file?
Please post an RSIT log, see my signature
Do not use COMBOFIX without an advisor's recommendation; it may damage the system!
Always back up important data before cleaning malware off the computer
Want to support our forum? Information here
I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
Re: NOD reports, doesn't clean, doesn't delete, computer slowdown
Object: ExcellentAdDisplay.dll
Infiltration: TrojanClicker.Agent
Object: adwpx.exe
Infiltration: Adware.DoubleD.AC application
and some other adware; the first time it reported more of those trojans, after a restart only this one
RSIT LOG:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal a Radim at 2010-01-09 14:07:01
Microsoft® Windows Vista™ Ultimate
System drive C: has 9 GB (7%) free of 131 GB
Total RAM: 2046 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:09, on 9.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Users\Michal a Radim\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michal a Radim.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
--
End of file - 7294 bytes
======Scheduled tasks folder======
C:\Windows\tasks\AutoSmartDefrag.job
C:\Windows\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll [2009-06-03 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395D9-934A-CED6-B851-F238C86079E5}]
PremiereAdvertisingPlatform - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll [2009-07-16 156160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-28 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-28 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F31C8969-83E7-A513-2E11-CB6D1837C2CB}]
ExcellentAdDisplay - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll [2009-04-25 155136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-27 3142236]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-28 148888]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-21 91432]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2009-11-30 1217808]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"PlayNC Launcher"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-27 3142236]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
shell\AutoRun\command - Z:\autorun.exe
shell\directx\command - Z:\DirectX9\dxsetup.exe
shell\setup\command - Z:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5970f60-2807-11de-8262-000854394491}]
shell\AutoRun\command - E:\autorun.exe -auto
======List of files/folders created in the last 1 months======
2010-01-09 14:07:01 ----D---- C:\rsit
2009-12-27 17:55:48 ----D---- C:\ProgramData\Blizzard Entertainment
2009-12-27 14:28:01 ----D---- C:\ProgramData\Blizzard
2009-12-26 12:27:45 ----A---- C:\Windows\cdplayer.ini
2009-12-26 12:27:15 ----D---- C:\Program Files\Feurio
2009-12-22 18:54:52 ----D---- C:\Program Files\Heroes of Newerth
2009-12-21 14:47:26 ----D---- C:\ATI
2009-12-20 12:38:20 ----D---- C:\ProgramData\BioWare
2009-12-20 11:55:46 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2009-12-20 11:55:40 ----D---- C:\ProgramData\Media Center Programs
2009-12-20 10:45:49 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-12-20 10:45:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-12-20 10:45:47 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-12-20 10:45:46 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-12-20 10:45:46 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-12-20 10:45:46 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-12-20 10:45:43 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-12-20 10:45:43 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-12-20 10:45:39 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-12-20 10:36:48 ----D---- C:\Windows\system32\AGEIA
2009-12-20 10:36:47 ----D---- C:\Program Files\AGEIA Technologies
2009-12-19 11:21:24 ----D---- C:\Program Files\Creative
2009-12-19 11:21:24 ----A---- C:\Windows\system32\eax.dll
2009-12-19 11:21:22 ----RA---- C:\Windows\system32\MafiaSetup.exe
2009-12-19 10:48:07 ----D---- C:\Program Files\Mafia
2009-12-19 10:47:58 ----RA---- C:\Users\Michal a Radim\AppData\Roaming\MafiaSetup.exe
2009-12-17 22:35:30 ----D---- C:\Program Files\softendo.com
2009-12-17 22:32:51 ----D---- C:\Program Files\Banesoft
2009-12-16 23:10:13 ----D---- C:\ProgramData\WinZip
2009-12-16 23:10:06 ----D---- C:\Program Files\WinZip
2009-12-15 19:10:37 ----D---- C:\Program Files\PremiereAdvertisingPlatform
2009-12-15 19:10:37 ----D---- C:\Program Files\PlayMP3z
======List of files/folders modified in the last 1 months======
2010-01-09 14:07:06 ----D---- C:\Windows\temp
2010-01-09 12:46:56 ----SHD---- C:\System Volume Information
2010-01-09 12:41:03 ----D---- C:\Program Files\Steam
2010-01-09 12:26:12 ----D---- C:\Users\Michal a Radim\AppData\Roaming\Mumble
2010-01-09 11:31:43 ----D---- C:\Windows\Prefetch
2009-12-30 16:19:56 ----D---- C:\Program Files\Common Files\Steam
2009-12-30 14:57:35 ----D---- C:\Program Files\Mozilla Firefox
2009-12-29 22:44:09 ----D---- C:\Windows\system32\catroot2
2009-12-28 14:57:16 ----D---- C:\Program Files\Mumble
2009-12-28 14:57:14 ----D---- C:\Windows\winsxs
2009-12-27 18:57:27 ----D---- C:\Windows
2009-12-27 18:55:06 ----HD---- C:\ProgramData
2009-12-27 15:48:02 ----D---- C:\Program Files\World of Warcraft
2009-12-27 14:27:28 ----RD---- C:\Program Files
2009-12-27 14:27:28 ----D---- C:\Program Files\Common Files
2009-12-26 19:33:27 ----SHD---- C:\Windows\Installer
2009-12-26 19:33:26 ----HD---- C:\Config.Msi
2009-12-26 12:37:04 ----D---- C:\Temp
2009-12-23 18:14:37 ----D---- C:\ProgramData\TrackMania
2009-12-21 15:26:39 ----D---- C:\Windows\System32
2009-12-21 14:49:34 ----D---- C:\Windows\system32\drivers
2009-12-21 14:49:19 ----D---- C:\Windows\system32\catroot
2009-12-21 14:49:18 ----D---- C:\Windows\inf
2009-12-20 17:37:23 ----RSD---- C:\Windows\assembly
2009-12-20 11:55:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-20 10:45:50 ----D---- C:\Program Files\Electronic Arts
2009-12-20 10:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 10:31:26 ----D---- C:\Users\Michal a Radim\AppData\Roaming\uTorrent
2009-12-15 19:10:37 ----D---- C:\Program Files\Windows Media Player
2009-12-15 19:02:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2006-11-02 319488]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-08-12 5632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-19 281760]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-19 25888]
R2 RMCAST;RMCAST (Pgm) protocol driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2006-11-02 113664]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-22 25280]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 awt6j2fj;awt6j2fj; C:\Windows\system32\drivers\awt6j2fj.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-17 75064]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-12-29 321320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-19 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
-----------------EOF-----------------
Infiltration: TrojanClicker.Agent
Object: adwpx.exe
Infiltration: Adware.DoubleD.AC application
and some other adware; the first time it reported more of those trojans, after a restart only this one
Re: NOD reports but does not clean or delete; computer slowdown
What is drive Z?
Download MBAM from my signature
- Install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning the computer
Want to support our forum? Information here
I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
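The triage the moderator is doing by eye (find out what drive Z is, then check MBAM's detections against the log before deleting anything) can be scripted. The following is an added example for this page; it is not part of the thread and not code from RSIT, HijackThis or Malwarebytes. It parses lines copied from the RSIT log above and from the MBAM log the user posts in the next reply, flags O2 BHO entries whose DLL is "(no file)" or lives outside an allow-list of vendor directories (TRUSTED_DIRS is an assumption, edit it for the machine at hand), lists the mountpoints2 AutoRun commands with the drive letter each volume was mounted as, flags drivers for which RSIT printed an empty [] (it could not find the file), and maps every BHO CLSID to the MBAM verdicts that name the same GUID.

```python
"""Triage helper for the RSIT/HijackThis and Malwarebytes logs in this thread.
Added example, not part of the thread or of those tools: it only parses text."""
import re
from typing import Dict, List, Tuple

# Lines copied from the RSIT/HijackThis log posted above (the thread's own data).
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
shell\AutoRun\command - Z:\autorun.exe
shell\setup\command - Z:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5970f60-2807-11de-8262-000854394491}]
shell\AutoRun\command - E:\autorun.exe -auto
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-22 25280]
S3 awt6j2fj;awt6j2fj; C:\Windows\system32\drivers\awt6j2fj.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
"""

# Lines copied from the Malwarebytes log the user posts in the next reply.
MBAM_SAMPLE = r"""
HKEY_CLASSES_ROOT\CLSID\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
MOUNT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                      r"\\explorer\\mountpoints2\\\{(?P<vol>[^}]+)\}\]$", re.I)
SHELL_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.*)$", re.I)
DRIVER_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<svc>[^;]+);(?P<desc>[^;]*); (?P<path>.*?) \[(?P<info>[^\]]*)\]$")
MBAM_RE = re.compile(r"^(?P<key>HKEY_.+?) \((?P<verdict>[^()]+)\) -> (?P<action>.*)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}")

# ASSUMPTION: directories whose BHOs we accept without review. Edit for the machine at hand.
TRUSTED_DIRS = (
    "c:\\program files\\common files\\adobe\\",
    "c:\\program files\\java\\",
    "c:\\program files\\microsoft office\\",
    "c:\\progra~1\\micros~2\\",
)


def triage_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings from RSIT/HijackThis lines."""
    findings: List[Tuple[str, str]] = []
    vol = None  # GUID of the mountpoints2 key whose shell\ verbs we are reading
    for line in (raw.strip() for raw in text.splitlines()):
        if m := BHO_RE.match(line):
            if m["path"] == "(no file)":   # CLSID registered, DLL gone: orphaned or hidden
                findings.append(("bho-orphan", f"{m['name']} {{{m['clsid']}}}"))
            elif not m["path"].lower().startswith(TRUSTED_DIRS):
                findings.append(("bho-untrusted", f"{m['name']} -> {m['path']}"))
        elif m := MOUNT_RE.match(line):
            vol = m["vol"]
        elif (m := SHELL_RE.match(line)) and vol:
            # mountpoints2 caches the autorun.inf verbs of every volume Windows has seen;
            # the drive letter in the command is where that volume was mounted at the time.
            findings.append(("autorun", f"volume {{{vol}}} {m['verb']}: {m['cmd']}"))
        elif m := DRIVER_RE.match(line):
            if m["info"] == "":            # RSIT prints [] when it cannot stat the driver file
                findings.append(("driver-nofile", f"{m['svc']} ({m['state']}{m['start']}) -> {m['path']}"))
        elif line.startswith("["):         # any other registry key ends the mountpoints2 block
            vol = None
    return findings


def corroborate(hjt_text: str, mbam_text: str) -> Dict[str, List[str]]:
    """Map each BHO CLSID in the HJT log to the MBAM verdicts that name the same GUID.
    An empty list means MBAM did not flag that BHO; this is the cross-check the
    moderator asks for before anything is deleted."""
    verdicts: Dict[str, set] = {}
    for line in mbam_text.splitlines():
        if m := MBAM_RE.match(line.strip()):
            for guid in GUID_RE.findall(m["key"]):
                verdicts.setdefault(guid.lower(), set()).add(m["verdict"])
    return {m["clsid"].upper(): sorted(verdicts.get(m["clsid"].lower(), ()))
            for m in map(BHO_RE.match, map(str.strip, hjt_text.splitlines())) if m}


if __name__ == "__main__":
    for cat, detail in triage_hjt(HJT_SAMPLE):
        print(f"{cat:14} {detail}")
    for clsid, hits in corroborate(HJT_SAMPLE, MBAM_SAMPLE).items():
        print(f"{{{clsid}}} -> {', '.join(hits) or 'not flagged by MBAM'}")
```

On this thread's data the script flags the four BHOs that MBAM also names (PlayMP3z and DoubleD), leaves the Adobe and Java helpers alone, and answers the "what is drive Z?" question as far as a log can: MountPoints2 is a per-user cache of the autorun.inf of every volume Windows has ever mounted, so the entry survives after the medium is gone, which fits the user's answer that no Z: drive exists. The three verbs recorded for that volume (autorun, setup, DirectX9\dxsetup) look like a game disc, and DAEMON Tools Lite is in the user's startup list, so a disc image once mounted as Z: is a plausible source; the log alone cannot prove it. The two drivers with an empty [] are not automatically malicious either: catchme.sys under C:\ComboFix is the driver ComboFix installs, which suggests ComboFix was already run on this machine, and awt6j2fj is a randomly named entry whose file is gone, so what it was cannot be told from the log. That is why the verdict stays a human review step and the script only sorts the evidence.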
Re: NOD reports but does not clean or delete; computer slowdown
If you mean something like drive C, I have nothing like that here and don't want to have it.
MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6000
Internet Explorer 7.0.6000.16386
9.1.2010 21:02:22
mbam-log-2010-01-09 (21-02-19).txt
Scan type: Full Scan (C:\|)
Objects scanned: 298953
Time elapsed: 1 hour(s), 43 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 44
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\excellentaddisplay.excellentaddisplay (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{26f1dc82-56ea-6fb6-89af-b039d3cb9ed9} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2c8d7294-4f74-4147-277d-3fff39e6eacb} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\excellentaddisplay.excellentaddisplay.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{338bfb9a-ea66-7554-fb44-df75ba3936ac} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1cac32c4-1d91-9430-9efd-947861eb3b39} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ExcellentAdDisplay.dll (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ExcellentAdDisplay (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExcellentAdDisplay (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.
C:\Users\Michal a Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> No action taken.
Infikované soubory:
C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll (Adware.PlayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3z) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll (Trojan.Downloader) -> No action taken.
C:\Users\Michal a Radim\AppData\Roaming\mIRC\bin\dll\SysTray.dll (Backdoor.Bot) -> No action taken.
C:\Windows\Crack\Crack.exe (Worm.VB) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Users\Michal a Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> No action taken.
Re: NOD reports, doesn't clean, doesn't delete, computer slowdown
Delete what mbam found.
I mean whether you use memory cards, USB drives, an external disk... when you click on This Computer, it lists which letter belongs to which drive.
What I want to know is what this is:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
shell\AutoRun\command - Z:\autorun.exe
shell\directx\command - Z:\DirectX9\dxsetup.exe
shell\setup\command - Z:\setup.exe
Do not use COMBOFIX without a helper's recommendation, it may damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here
I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me by e-mail at Motji(at)forum.viry.cz.
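To check on your own machine what the RSIT log shows for MountPoints2, here is an added PowerShell snippet (not from this thread): it walks every volume recorded under HKCU MountPoints2 and lists the shell verb commands cached there, marking whether the drive letter each command points at is currently mounted, so a stale autorun entry for a drive you no longer have, like the Z: entry above, stands out.

```powershell
# Added example (not from this thread): enumerate the shell\<verb>\command values
# that Explorer caches under MountPoints2 for every volume it has seen.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
    $volume   = $_.PSChildName            # drive letter or volume GUID
    $shellKey = Join-Path $_.PSPath 'shell'
    if (Test-Path -Path $shellKey) {
        Get-ChildItem -Path $shellKey | ForEach-Object {
            $verb   = $_.PSChildName      # e.g. AutoRun, setup, directx
            $cmdKey = Join-Path $_.PSPath 'command'
            if (Test-Path -Path $cmdKey) {
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                # Pull the target drive letter out of the command and check it exists
                $drive   = if ($cmd -match '^\s*"?([A-Za-z]):') { $Matches[1] } else { $null }
                $present = if ($drive) { Test-Path -Path "$($drive):\" } else { $null }
                [pscustomobject]@{
                    Volume       = $volume
                    Verb         = $verb
                    Command      = $cmd
                    DriveMounted = $present
                }
            }
        }
    }
} | Format-Table -AutoSize
```

Entries with DriveMounted = False are leftovers from removable media that is no longer attached; the listed command runs only if that volume is plugged in again and the verb is invoked.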
Re: NOD reports, doesn't clean, doesn't delete, computer slowdown
I deleted everything and the computer looks fine so far. I really don't know anything about that Z drive; I have nothing like that connected to the computer.
Re: NOD reports, doesn't clean, doesn't delete, computer slowdown
Just to be safe
Download to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights
- Before use, disable all resident security programs - antivirus, firewalls, antispyware
- After starting, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Re: NOD reports, doesn't clean, doesn't delete, computer slowdown
ComboFix 10-01-04.01 - Michal a Radim 10.01.2010 18:04:24.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1250.420.1029.18.2046.1119 [GMT 1:00]
Spuštěný z: c:\users\Michal a Radim\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\ExcellentAdDisplay
c:\program files\ExcellentAdDisplay\uninstall.exe
c:\recycler\S-1-5-21-583907252-790525478-682003330-1004
c:\users\Michal a Radim\Documents\cc_20090221_1402.reg
c:\users\Michal a Radim\Documents\cc_20091206_1443.reg
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-10 17:12 . 2010-01-10 17:13 -------- d-----w- c:\users\Michal a Radim\AppData\Local\temp
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-----w- c:\users\Jana\AppData\Local\temp
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\users\Michal a Radim\AppData\Roaming\Malwarebytes
2010-01-09 17:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\programdata\Malwarebytes
2010-01-09 17:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 13:07 . 2010-01-09 13:07 -------- d-----w- C:\rsit
2009-12-27 16:55 . 2009-12-27 17:55 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-12-27 13:28 . 2009-12-27 13:28 -------- d-----w- c:\programdata\Blizzard
2009-12-26 18:33 . 2009-12-26 18:33 5120 ----a-r- c:\users\Michal a Radim\AppData\Roaming\Microsoft\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
2009-12-26 11:27 . 2009-12-26 11:27 -------- d-----w- c:\program files\Feurio
2009-12-22 17:54 . 2009-12-22 18:02 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-21 13:50 . 2009-12-21 13:50 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-21 13:47 . 2009-12-21 13:47 -------- d-----w- C:\ATI
2009-12-20 11:38 . 2009-12-27 13:27 -------- d-----w- c:\programdata\BioWare
2009-12-20 10:55 . 2009-12-20 10:55 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-12-20 10:55 . 2009-12-27 13:26 -------- d-----w- c:\programdata\Media Center Programs
2009-12-20 09:45 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-12-20 09:45 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-12-20 09:45 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-12-20 09:45 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-12-20 09:45 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-12-20 09:45 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-12-20 09:45 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-12-20 09:45 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-12-20 09:45 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\windows\system32\AGEIA
2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-19 10:21 . 2009-12-19 10:21 -------- d-----w- c:\program files\Creative
2009-12-19 10:21 . 2002-06-06 13:38 139264 ----a-w- c:\windows\system32\eax.dll
2009-12-19 10:21 . 2002-08-29 16:33 319488 ----a-r- c:\windows\system32\MafiaSetup.exe
2009-12-19 09:48 . 2009-12-19 10:16 -------- d-----w- c:\program files\Mafia
2009-12-19 09:47 . 2002-08-29 16:33 319488 ----a-r- c:\users\Michal a Radim\AppData\Roaming\MafiaSetup.exe
2009-12-17 21:35 . 2009-12-17 21:49 -------- d-----w- c:\program files\softendo.com
2009-12-17 21:32 . 2009-12-17 21:48 -------- d-----w- c:\program files\Banesoft
2009-12-16 22:10 . 2009-12-16 22:10 -------- d-----w- c:\programdata\WinZip
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 12:32 . 2009-06-02 13:12 -------- d-----w- c:\users\Michal a Radim\AppData\Roaming\Mumble
2010-01-10 11:43 . 2008-05-26 13:38 -------- d-----w- c:\program files\Steam
2010-01-09 10:31 . 2008-05-26 13:11 1356 ----a-w- c:\users\Michal a Radim\AppData\Local\d3d9caps.dat
2009-12-30 15:19 . 2008-05-26 13:52 -------- d-----w- c:\program files\Common Files\Steam
2009-12-28 13:57 . 2009-06-02 13:12 -------- d-----w- c:\program files\Mumble
2009-12-27 14:48 . 2009-10-19 15:02 -------- d-----w- c:\program files\World of Warcraft
2009-12-23 17:14 . 2009-09-08 19:13 -------- d-----w- c:\programdata\TrackMania
2009-12-20 10:55 . 2008-08-20 08:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-20 09:45 . 2009-05-09 15:56 -------- d-----w- c:\program files\Electronic Arts
2009-12-20 09:33 . 2008-05-26 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 09:31 . 2008-07-08 13:09 -------- d-----w- c:\users\Michal a Radim\AppData\Roaming\uTorrent
2009-12-15 18:02 . 2007-01-08 21:15 81198 ----a-w- c:\windows\system32\perfc005.dat
2009-12-15 18:02 . 2007-01-08 21:15 473360 ----a-w- c:\windows\system32\perfh005.dat
2009-12-04 20:15 . 2008-08-31 13:27 -------- d-----w- c:\program files\Opera
2009-11-28 19:20 . 2009-11-28 19:18 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-11-25 03:51 . 2009-11-25 03:51 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18 . 2008-05-26 14:19 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17 . 2009-11-25 03:17 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17 . 2009-11-25 03:17 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15 . 2007-06-15 01:51 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15 . 2009-11-25 03:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15 . 2009-11-25 03:15 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12 . 2009-11-25 03:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55 . 2009-11-25 02:55 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44 . 2009-11-25 02:44 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37 . 2009-11-25 02:37 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25 . 2009-11-25 02:25 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20 . 2009-11-25 02:20 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10 . 2009-11-25 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-14 15:14 . 2008-08-17 19:59 -------- d-----w- c:\program files\IObit
2009-11-08 11:07 . 2009-11-08 11:07 0 ----a-w- c:\users\Michal a Radim\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-10-22 15:59 . 2009-10-22 15:59 196565 ----a-w- c:\windows\system32\atiicdxx.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-11-30 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-27 3142236]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-27 3142236]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.11.2009 4:17 172032]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [28.1.2009 8:39 185640]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [26.5.2008 17:11 240128]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [8.7.2008 11:52 717296]
.
Contents of the 'Scheduled Tasks' folder
2010-01-10 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-17 19:14]
2010-01-03 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-17 19:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michal a Radim\AppData\Roaming\Mozilla\Firefox\Profiles\cwjigt75.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\components\PremiereAdvertisingPlatform.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Michal a Radim\AppData\Roaming\Mozilla\Firefox\Profiles\cwjigt75.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
HKCU-Run-PlayNC Launcher - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 18:13
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1101424843-4083499384-2814612065-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E09034D3-7601-B5FE-EDA5-57E1B3A048F9}*]
"nafbpbmacgegjbhhffcglfehihmj"=hex:6b,61,6b,65,67,6d,6b,68,62,65,6f,68,63,6c,
67,62,66,63,6f,62,6f,70,00,00
"oahobpkmpkjooanabbocmcbaomfkao"=hex:6a,61,69,66,6c,61,70,6e,6b,63,62,67,70,6a,
6d,6b,6d,68,62,6f,00,ea
[HKEY_USERS\S-1-5-21-1101424843-4083499384-2814612065-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,29,8e,70,2b,2e,a4,ec,04,6b,93,8c,86,88,0a,2c,ae,6c,08,5c,24,
1f,94,9b,2c,15,ca,6a,af,db,3a,90,7f,53,68,3a,1d,57,c7,fd,5b,fe,e8,c6,2a,0e,\
"rkeysecu"=hex:b0,0f,fe,3b,db,a4,3e,c1,b6,0e,4e,e5,8d,f9,7e,c4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-10 18:16:55
ComboFix-quarantined-files.txt 2010-01-10 17:16
Pre-Run: 11,670,720,512 bytes free
Post-Run: 11,513,745,408 bytes free
- - End Of File - - 0B6AE722F9DDCB959175D8F42F3053D3
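The lines worth a second look in the log above are the IE start page pointing at theprizeday.com (ComboFix writes URLs as hxxp so they are not clickable), Firefox's network.proxy.type set to 2 (a proxy auto-config URL, which lets whoever set it steer the browser's traffic), the PremiereAdvertisingPlatform component, the AV header of the log showing NOD32's on-access scanning disabled, and the locked Shell Extensions\Approved key holding two values whose names are random lowercase strings. The following Python script is an added example, not part of this post and not ComboFix code: it runs over those lines (embedded as a constructed sample copied from the log) and flags them, and it decodes the REGEDIT4 hex values, which turn out to be lowercase strings of the same random shape as their names. The allowlist of acceptable start-page hosts is an assumption.

```python
"""Triage a ComboFix log excerpt.

Added example (not part of this forum post and not ComboFix code). It runs
over lines copied from the log above, embedded below as a constructed sample,
flags the settings that indicate a browser hijack, and decodes the REGEDIT4
``hex:`` values under the locked "Shell Extensions\\Approved" key into ASCII.
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
uStart Page = hxxp://www.theprizeday.com/today.php
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\components\PremiereAdvertisingPlatform.dll
[HKEY_USERS\S-1-5-21-1101424843-4083499384-2814612065-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E09034D3-7601-B5FE-EDA5-57E1B3A048F9}*]
"nafbpbmacgegjbhhffcglfehihmj"=hex:6b,61,6b,65,67,6d,6b,68,62,65,6f,68,63,6c,
67,62,66,63,6f,62,6f,70,00,00
"oahobpkmpkjooanabbocmcbaomfkao"=hex:6a,61,69,66,6c,61,70,6e,6b,63,62,67,70,6a,
6d,6b,6d,68,62,6f,00,ea
"""

# Assumption: the hosts this user legitimately uses as a start page.
KNOWN_GOOD_HOSTS = {"seznam.cz", "www.seznam.cz"}

# Firefox network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL,
# 4 = auto-detect (WPAD), 5 = system settings. Only 0 and 5 are unremarkable.
PROXY_MODES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}

HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
HEX_CONT_RE = re.compile(r'^(?:[0-9a-fA-F]{2},?)+\\?$')
RANDOM_NAME_RE = re.compile(r'^[a-z]{12,}$')  # long, all-lowercase, no digits


def _to_bytes(parts):
    joined = ",".join(p.rstrip("\\") for p in parts)
    return bytes(int(b, 16) for b in joined.split(",") if b)


def parse_regedit_hex(lines):
    """Return {value_name: bytes} for REGEDIT4 'hex:' values.

    REGEDIT4 wraps long values across lines; a continuation line is nothing
    but hex bytes and commas, optionally ending in a backslash.
    """
    values = {}
    name, parts = None, []
    for raw in lines:
        line = raw.strip()
        m = HEX_VALUE_RE.match(line)
        if m:
            if name is not None:
                values[name] = _to_bytes(parts)
            name, parts = m.group("name"), [m.group("data")]
        elif name is not None and HEX_CONT_RE.match(line):
            parts.append(line)
        elif name is not None:
            values[name] = _to_bytes(parts)
            name, parts = None, []
    if name is not None:
        values[name] = _to_bytes(parts)
    return values


def decode_c_string(data):
    """Decode the bytes up to the first NUL as ASCII; None if not printable."""
    text = data.split(b"\x00", 1)[0]
    if text and all(0x20 <= b < 0x7F for b in text):
        return text.decode("ascii")
    return None


def triage(log_text):
    """Return (kind, detail) findings for the ComboFix log lines given."""
    lines = log_text.splitlines()
    findings = []
    for raw in lines:
        s = raw.strip()
        if s.startswith("AV:") and "*On-access scanning disabled*" in s:
            findings.append(("av-realtime-off", s[3:].split("*")[0].strip()))
        m = re.match(r"[um]Start Page = hxxps?://([^/\s]+)", s)
        if m and m.group(1).lower() not in KNOWN_GOOD_HOSTS:
            findings.append(("start-page", m.group(1).lower()))
        m = re.match(r"FF - prefs\.js: network\.proxy\.type - (\d+)", s)
        if m and int(m.group(1)) not in (0, 5):
            findings.append(("ff-proxy", PROXY_MODES.get(int(m.group(1)), m.group(1))))
        if s.startswith("FF - component:") and "advertising" in s.lower():
            findings.append(("ff-adware-component", s.rsplit("\\", 1)[-1]))
    # Random-named values whose payload is another random lowercase string.
    for name, data in parse_regedit_hex(lines).items():
        text = decode_c_string(data)
        if text and RANDOM_NAME_RE.match(name) and RANDOM_NAME_RE.match(text):
            findings.append(("random-registry-value", f"{name} -> {text}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run as-is it prints the six findings for the sample; pass it a whole ComboFix log to get the same triage for one you have not read yet.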
Re: NOD reports but does not clean or delete, computer slowing down
If it is not there already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it
Code: Select all
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5970f60-2807-11de-8262-000854394491}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
uRun::
uStart Page = hxxp://www.theprizeday.com/today.php
File::
Z:\autorun.exe
Z:\DirectX9\dxsetup.exe
c:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf
Z:\Autorun.inf
Folder::
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
Z:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
Z:\resycled
c:\$recycle.bin
d:\$recycle.bin
e:\$recycle.bin
f:\$recycle.bin
g:\$recycle.bin
h:\$recycle.bin
Z:\$recycle.bin
- save the text file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:
- after it runs, another log will pop up; paste it here
Warning: it can happen that Windows will not boot after the script is applied and the computer restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration
Test on http://www.virustotal.com
c:\windows\system32\atiicdxx.dat
c:\programdata\id Software\QuakeLive\npquakezero.dll
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up your important data before cleaning the computer
Want to support our forum? Information here
I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
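The script in the post above removes Autorun.inf from every drive letter, wipes the RECYCLER, resycled and $recycle.bin folders that autorun worms commonly use to hide their payload, and deletes two MountPoints2 keys, which is where Explorer caches a volume's AutoRun handler, so a cleaned drive is not re-launched from the cache. Before deleting such files it helps to know what they would have launched, so the payload itself can be submitted to VirusTotal like the two files above. The following Python parser is an added example, not part of this post and not ComboFix code: it reads an Autorun.inf tolerantly (worms pad it with NULs and junk to break strict INI parsers while Explorer still honours it), lists the commands Explorer would run from open=, shellexecute= and shell\<verb>\command=, and flags the two things an install disc does not do: launching from a hidden system folder, and overriding the drive's default Open/Explore verbs. All three sample files are constructed.

```python
"""Show what an Autorun.inf would launch before it is deleted.

Added example: not part of this forum post and not ComboFix code. It parses
the [autorun] section, lists the commands the file would run, and flags the
two things an install disc never does. All sample files are constructed.
"""
import re

# Folders Explorer hides by default; autorun worms keep their payload there.
SUSPICIOUS_DIRS = ("recycler", "resycled", "$recycle.bin", "system volume information")

# Overriding these verbs hijacks double-click / right-click "Open" and
# "Explore" on the drive itself, so the payload runs even with AutoRun off.
VERB_OVERRIDES = ("shell\\open\\command", "shell\\explore\\command")


def parse_autorun_inf(text):
    """Return the [autorun] section as {lowercased key: value}.

    Deliberately tolerant: NUL padding is dropped, comment and junk lines are
    skipped, section and key names are case-insensitive, other sections are
    ignored.
    """
    entries = {}
    in_autorun = False
    for raw in text.replace("\x00", "").splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        section = re.fullmatch(r"\[\s*([^\]]*?)\s*\]", line)
        if section:
            in_autorun = section.group(1).lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """(key, command) pairs Explorer would execute from this file."""
    cmds = [(k, entries[k]) for k in ("open", "shellexecute") if k in entries]
    cmds += [(k, v) for k, v in entries.items()
             if k.startswith("shell\\") and k.endswith("\\command")]
    return cmds


def assess(text):
    """Return the reasons the file looks like worm autorun; [] if it looks clean."""
    entries = parse_autorun_inf(text)
    reasons = []
    for key, cmd in launch_commands(entries):
        if any(d in cmd.lower() for d in SUSPICIOUS_DIRS):
            reasons.append(f"{key} launches from a hidden system folder: {cmd}")
        elif key in VERB_OVERRIDES:
            reasons.append(f"{key} overrides Explorer's default verb: {cmd}")
    # shell=<verb> makes that verb the double-click action; if the same file
    # also defines shell\<verb>\command, double-click now runs its command.
    verb = entries.get("shell", "").lower()
    if verb and f"shell\\{verb}\\command" in entries:
        reasons.append(f"shell={entries['shell']} redirects the default action into this file")
    return reasons


# Constructed sample: what a game or driver disc typically ships.
CLEAN_INF = r"""
[autorun]
open=setup.exe
icon=setup.exe,0
label=Game Disc
"""

# Constructed sample in the style of an autorun worm: NUL padding, junk
# comment, mixed case, every launch key pointed into RECYCLER.
WORM_INF = "\x00\x00" + r"""
[AutoRun]
;{7a3f-junk}
OPEN=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1004\payload.exe
ShellExecute=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1004\payload.exe
shell\Open\Command=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1004\payload.exe
shell\Explore\Command=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1004\payload.exe
shell=Open
UseAutoPlay=1
"""

# Constructed sample: no hidden folder, but the default verb is still hijacked.
VERB_ONLY_INF = r"""
[autorun]
shell\open\command=drivers\install.exe /s
shell=open
"""

if __name__ == "__main__":
    for name, inf in (("clean", CLEAN_INF), ("worm", WORM_INF), ("verb-only", VERB_ONLY_INF)):
        print(name, "->", assess(inf) or ["looks clean"])
```

Point assess() at the contents of each Autorun.inf the script lists, and send the command targets it reports to VirusTotal; an empty result for a disc that came with a game is the expected outcome.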
Re: NOD reports but does not clean or delete, computer slowing down
After using ComboFix I could not start any application, so I used Last Known Good Configuration.
File atiicdxx.dat received on 2010.01.11 14:58:13 (UTC)
Current status: finished
Result: 0/41 (0%)
File npquakezero.dll received on 2010.01.11 15:03:36 (UTC)
Current status: finished
Result: 0/41 (0%)
Re: NOD reports but does not clean or delete, computer slowing down
And the log?
Start -> Run ->
notepad "C:\ComboFix1.txt"
Enter.
How is the computer behaving?
Please post an RSIT log.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up your important data before cleaning the computer
Want to support our forum? Information here
I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.