NOD hlásí, neléčí, nemaže, zpomalení počítače

[repingl]

Dobrý den, Nodík mi hlásí infiltrace, ale nemůže je vyléčit ani smazat.

Zde je log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:12, on 9.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7175 bytes

Snad jsem sem hodil to co potřebujete, předem děkuji

[motji]

Hezké odpoledne
Co konkrétně hlásí? V jakém souboru?
Poprosím o log ze Rsitu, viz můj podpis

[repingl]

Objekt: ExcellentAdDisplay.dll
Infiltrace: TrojanClicker.Agent

Objekt: adwpx.exe
Infiltrace: Adware.DoubleD.AC aplikace

a nějaké další adwary, poprve hlasil těch trojanu vic, po restartu už jen tohodle

LOG z Rsitu:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michal a Radim at 2010-01-09 14:07:01
Microsoft® Windows Vista™ Ultimate
System drive C: has 9 GB (7%) free of 131 GB
Total RAM: 2046 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:09, on 9.1.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Users\Michal a Radim\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Michal a Radim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7294 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoSmartDefrag.job
C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll [2009-06-03 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395D9-934A-CED6-B851-F238C86079E5}]
PremiereAdvertisingPlatform - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll [2009-07-16 156160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-28 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F31C8969-83E7-A513-2E11-CB6D1837C2CB}]
ExcellentAdDisplay - C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll [2009-04-25 155136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-27 3142236]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-28 148888]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"NeroCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-03-21 91432]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-06-10 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2009-11-30 1217808]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"PlayNC Launcher"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2006-07-27 3142236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
shell\AutoRun\command - Z:\autorun.exe
shell\directx\command - Z:\DirectX9\dxsetup.exe
shell\setup\command - Z:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5970f60-2807-11de-8262-000854394491}]
shell\AutoRun\command - E:\autorun.exe -auto


======List of files/folders created in the last 1 months======

2010-01-09 14:07:01 ----D---- C:\rsit
2009-12-27 17:55:48 ----D---- C:\ProgramData\Blizzard Entertainment
2009-12-27 14:28:01 ----D---- C:\ProgramData\Blizzard
2009-12-26 12:27:45 ----A---- C:\Windows\cdplayer.ini
2009-12-26 12:27:15 ----D---- C:\Program Files\Feurio
2009-12-22 18:54:52 ----D---- C:\Program Files\Heroes of Newerth
2009-12-21 14:47:26 ----D---- C:\ATI
2009-12-20 12:38:20 ----D---- C:\ProgramData\BioWare
2009-12-20 11:55:46 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2009-12-20 11:55:40 ----D---- C:\ProgramData\Media Center Programs
2009-12-20 10:45:49 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-12-20 10:45:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-12-20 10:45:47 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-12-20 10:45:46 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-12-20 10:45:46 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-12-20 10:45:46 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-12-20 10:45:43 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-12-20 10:45:43 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-12-20 10:45:39 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-12-20 10:36:48 ----D---- C:\Windows\system32\AGEIA
2009-12-20 10:36:47 ----D---- C:\Program Files\AGEIA Technologies
2009-12-19 11:21:24 ----D---- C:\Program Files\Creative
2009-12-19 11:21:24 ----A---- C:\Windows\system32\eax.dll
2009-12-19 11:21:22 ----RA---- C:\Windows\system32\MafiaSetup.exe
2009-12-19 10:48:07 ----D---- C:\Program Files\Mafia
2009-12-19 10:47:58 ----RA---- C:\Users\Michal a Radim\AppData\Roaming\MafiaSetup.exe
2009-12-17 22:35:30 ----D---- C:\Program Files\softendo.com
2009-12-17 22:32:51 ----D---- C:\Program Files\Banesoft
2009-12-16 23:10:13 ----D---- C:\ProgramData\WinZip
2009-12-16 23:10:06 ----D---- C:\Program Files\WinZip
2009-12-15 19:10:37 ----D---- C:\Program Files\PremiereAdvertisingPlatform
2009-12-15 19:10:37 ----D---- C:\Program Files\PlayMP3z

======List of files/folders modified in the last 1 months======

2010-01-09 14:07:06 ----D---- C:\Windows\temp
2010-01-09 12:46:56 ----SHD---- C:\System Volume Information
2010-01-09 12:41:03 ----D---- C:\Program Files\Steam
2010-01-09 12:26:12 ----D---- C:\Users\Michal a Radim\AppData\Roaming\Mumble
2010-01-09 11:31:43 ----D---- C:\Windows\Prefetch
2009-12-30 16:19:56 ----D---- C:\Program Files\Common Files\Steam
2009-12-30 14:57:35 ----D---- C:\Program Files\Mozilla Firefox
2009-12-29 22:44:09 ----D---- C:\Windows\system32\catroot2
2009-12-28 14:57:16 ----D---- C:\Program Files\Mumble
2009-12-28 14:57:14 ----D---- C:\Windows\winsxs
2009-12-27 18:57:27 ----D---- C:\Windows
2009-12-27 18:55:06 ----HD---- C:\ProgramData
2009-12-27 15:48:02 ----D---- C:\Program Files\World of Warcraft
2009-12-27 14:27:28 ----RD---- C:\Program Files
2009-12-27 14:27:28 ----D---- C:\Program Files\Common Files
2009-12-26 19:33:27 ----SHD---- C:\Windows\Installer
2009-12-26 19:33:26 ----HD---- C:\Config.Msi
2009-12-26 12:37:04 ----D---- C:\Temp
2009-12-23 18:14:37 ----D---- C:\ProgramData\TrackMania
2009-12-21 15:26:39 ----D---- C:\Windows\System32
2009-12-21 14:49:34 ----D---- C:\Windows\system32\drivers
2009-12-21 14:49:19 ----D---- C:\Windows\system32\catroot
2009-12-21 14:49:18 ----D---- C:\Windows\inf
2009-12-20 17:37:23 ----RSD---- C:\Windows\assembly
2009-12-20 11:55:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-20 10:45:50 ----D---- C:\Program Files\Electronic Arts
2009-12-20 10:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-20 10:31:26 ----D---- C:\Users\Michal a Radim\AppData\Roaming\uTorrent
2009-12-15 19:10:37 ----D---- C:\Program Files\Windows Media Player
2009-12-15 19:02:02 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2006-11-02 319488]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-08-12 5632]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-19 281760]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-19 25888]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2006-11-02 113664]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-25 5143552]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-22 25280]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 awt6j2fj;awt6j2fj; C:\Windows\system32\drivers\awt6j2fj.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-25 172032]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-17 75064]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-12-29 321320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-06-10 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-19 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]

-----------------EOF-----------------

[motji]

Co je jednotka Z?

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[repingl]

Pokud to myslíte, jako třeba jednotku C, tak nic takového tu nemám a nechci mít.

LOG z MBAMu:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6000
Internet Explorer 7.0.6000.16386

9.1.2010 21:02:22
mbam-log-2010-01-09 (21-02-19).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 298953
Uplynulý čas: 1 hour(s), 43 minute(s), 49 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 44
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované adresáře: 22
Infikované soubory: 42

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\excellentaddisplay.excellentaddisplay (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{26f1dc82-56ea-6fb6-89af-b039d3cb9ed9} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2c8d7294-4f74-4147-277d-3fff39e6eacb} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\excellentaddisplay.excellentaddisplay.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{338bfb9a-ea66-7554-fb44-df75ba3936ac} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1cac32c4-1d91-9430-9efd-947861eb3b39} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ExcellentAdDisplay.dll (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ExcellentAdDisplay (Adware.PlayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExcellentAdDisplay (Adware.PlayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.
C:\Users\Michal a Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> No action taken.

Infikované soubory:
C:\Program Files\ExcellentAdDisplay\ExcellentAdDisplay.dll (Adware.PlayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3z) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\HPIEAddOn.dll (Trojan.Downloader) -> No action taken.
C:\Users\Michal a Radim\AppData\Roaming\mIRC\bin\dll\SysTray.dll (Backdoor.Bot) -> No action taken.
C:\Windows\Crack\Crack.exe (Worm.VB) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.3.0.4160\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> No action taken.
C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Users\Michal a Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> No action taken.

[motji]

Co našel mbam, smažte
Myslím tím, jestli používáte pamět. karty, usb disky, externí disk...když kliknete na tento počítač, tak je vypsané co je které písmeno.

Mě zajímá co je tohle

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
shell\AutoRun\command - Z:\autorun.exe
shell\directx\command - Z:\DirectX9\dxsetup.exe
shell\setup\command - Z:\setup.exe

[repingl]

Všechno jsem smazal a počítač zatím vypadá v pořádku. O té jednotce Z opravdu nic nevím, nic takového v počítači zapojeného nemám.

[motji]

Pro jistotu

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem

[repingl]

ComboFix 10-01-04.01 - Michal a Radim 10.01.2010 18:04:24.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1250.420.1029.18.2046.1119 [GMT 1:00]
Spuštěný z: c:\users\Michal a Radim\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\ExcellentAdDisplay
c:\program files\ExcellentAdDisplay\uninstall.exe
c:\recycler\S-1-5-21-583907252-790525478-682003330-1004
c:\users\Michal a Radim\Documents\cc_20090221_1402.reg
c:\users\Michal a Radim\Documents\cc_20091206_1443.reg
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-12-10 do 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 17:12 . 2010-01-10 17:13 -------- d-----w- c:\users\Michal a Radim\AppData\Local\temp
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-----w- c:\users\Jana\AppData\Local\temp
2010-01-10 17:12 . 2010-01-10 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\users\Michal a Radim\AppData\Roaming\Malwarebytes
2010-01-09 17:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\programdata\Malwarebytes
2010-01-09 17:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 17:15 . 2010-01-09 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 13:07 . 2010-01-09 13:07 -------- d-----w- C:\rsit
2009-12-27 16:55 . 2009-12-27 17:55 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-12-27 13:28 . 2009-12-27 13:28 -------- d-----w- c:\programdata\Blizzard
2009-12-26 18:33 . 2009-12-26 18:33 5120 ----a-r- c:\users\Michal a Radim\AppData\Roaming\Microsoft\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
2009-12-26 11:27 . 2009-12-26 11:27 -------- d-----w- c:\program files\Feurio
2009-12-22 17:54 . 2009-12-22 18:02 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-21 13:50 . 2009-12-21 13:50 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-21 13:47 . 2009-12-21 13:47 -------- d-----w- C:\ATI
2009-12-20 11:38 . 2009-12-27 13:27 -------- d-----w- c:\programdata\BioWare
2009-12-20 10:55 . 2009-12-20 10:55 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-12-20 10:55 . 2009-12-27 13:26 -------- d-----w- c:\programdata\Media Center Programs
2009-12-20 09:45 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-12-20 09:45 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-12-20 09:45 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-12-20 09:45 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-12-20 09:45 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-12-20 09:45 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-12-20 09:45 . 2008-10-15 05:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-12-20 09:45 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-12-20 09:45 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\windows\system32\AGEIA
2009-12-20 09:36 . 2009-12-20 09:36 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-19 10:21 . 2009-12-19 10:21 -------- d-----w- c:\program files\Creative
2009-12-19 10:21 . 2002-06-06 13:38 139264 ----a-w- c:\windows\system32\eax.dll
2009-12-19 10:21 . 2002-08-29 16:33 319488 ----a-r- c:\windows\system32\MafiaSetup.exe
2009-12-19 09:48 . 2009-12-19 10:16 -------- d-----w- c:\program files\Mafia
2009-12-19 09:47 . 2002-08-29 16:33 319488 ----a-r- c:\users\Michal a Radim\AppData\Roaming\MafiaSetup.exe
2009-12-17 21:35 . 2009-12-17 21:49 -------- d-----w- c:\program files\softendo.com
2009-12-17 21:32 . 2009-12-17 21:48 -------- d-----w- c:\program files\Banesoft
2009-12-16 22:10 . 2009-12-16 22:10 -------- d-----w- c:\programdata\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 12:32 . 2009-06-02 13:12 -------- d-----w- c:\users\Michal a Radim\AppData\Roaming\Mumble
2010-01-10 11:43 . 2008-05-26 13:38 -------- d-----w- c:\program files\Steam
2010-01-09 10:31 . 2008-05-26 13:11 1356 ----a-w- c:\users\Michal a Radim\AppData\Local\d3d9caps.dat
2009-12-30 15:19 . 2008-05-26 13:52 -------- d-----w- c:\program files\Common Files\Steam
2009-12-28 13:57 . 2009-06-02 13:12 -------- d-----w- c:\program files\Mumble
2009-12-27 14:48 . 2009-10-19 15:02 -------- d-----w- c:\program files\World of Warcraft
2009-12-23 17:14 . 2009-09-08 19:13 -------- d-----w- c:\programdata\TrackMania
2009-12-20 10:55 . 2008-08-20 08:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-20 09:45 . 2009-05-09 15:56 -------- d-----w- c:\program files\Electronic Arts
2009-12-20 09:33 . 2008-05-26 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 09:31 . 2008-07-08 13:09 -------- d-----w- c:\users\Michal a Radim\AppData\Roaming\uTorrent
2009-12-15 18:02 . 2007-01-08 21:15 81198 ----a-w- c:\windows\system32\perfc005.dat
2009-12-15 18:02 . 2007-01-08 21:15 473360 ----a-w- c:\windows\system32\perfh005.dat
2009-12-04 20:15 . 2008-08-31 13:27 -------- d-----w- c:\program files\Opera
2009-11-28 19:20 . 2009-11-28 19:18 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-11-25 03:51 . 2009-11-25 03:51 5143552 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-11-25 03:18 . 2008-05-26 14:19 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17 . 2009-11-25 03:17 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17 . 2009-11-25 03:17 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15 . 2007-06-15 01:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15 . 2007-06-15 01:51 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15 . 2009-11-25 03:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15 . 2009-11-25 03:15 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14 . 2007-06-15 01:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12 . 2009-11-25 03:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55 . 2009-11-25 02:55 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44 . 2009-11-25 02:44 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37 . 2009-11-25 02:37 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25 . 2009-11-25 02:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25 . 2009-11-25 02:25 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21 . 2009-11-25 02:21 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20 . 2009-11-25 02:20 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-25 02:10 . 2009-11-25 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-14 15:14 . 2008-08-17 19:59 -------- d-----w- c:\program files\IObit
2009-11-08 11:07 . 2009-11-08 11:07 0 ----a-w- c:\users\Michal a Radim\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-10-22 15:59 . 2009-10-22 15:59 196565 ----a-w- c:\windows\system32\atiicdxx.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-11-30 1217808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-27 3142236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" [2006-07-27 3142236]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.11.2009 4:17 172032]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [28.1.2009 8:39 185640]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [26.5.2008 17:11 240128]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [8.7.2008 11:52 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-10 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-17 19:14]

2010-01-03 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2008-08-17 19:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michal a Radim\AppData\Roaming\Mozilla\Firefox\Profiles\cwjigt75.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\components\PremiereAdvertisingPlatform.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Michal a Radim\AppData\Roaming\Mozilla\Firefox\Profiles\cwjigt75.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-PlayNC Launcher - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 18:13
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1101424843-4083499384-2814612065-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E09034D3-7601-B5FE-EDA5-57E1B3A048F9}*]
"nafbpbmacgegjbhhffcglfehihmj"=hex:6b,61,6b,65,67,6d,6b,68,62,65,6f,68,63,6c,
67,62,66,63,6f,62,6f,70,00,00
"oahobpkmpkjooanabbocmcbaomfkao"=hex:6a,61,69,66,6c,61,70,6e,6b,63,62,67,70,6a,
6d,6b,6d,68,62,6f,00,ea

[HKEY_USERS\S-1-5-21-1101424843-4083499384-2814612065-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,29,8e,70,2b,2e,a4,ec,04,6b,93,8c,86,88,0a,2c,ae,6c,08,5c,24,
1f,94,9b,2c,15,ca,6a,af,db,3a,90,7f,53,68,3a,1d,57,c7,fd,5b,fe,e8,c6,2a,0e,\
"rkeysecu"=hex:b0,0f,fe,3b,db,a4,3e,c1,b6,0e,4e,e5,8d,f9,7e,c4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-01-10 18:16:55
ComboFix-quarantined-files.txt 2010-01-10 17:16

Před spuštěním: Volných bajtů: 11 670 720 512
Po spuštění: Volných bajtů: 11 513 745 408

- - End Of File - - 0B6AE722F9DDCB959175D8F42F3053D3

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5970f60-2807-11de-8262-000854394491}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370e67-4cfd-11dd-96f0-000854394491}]
uRun::
uStart Page = hxxp://www.theprizeday.com/today.php
File:: 
Z:\autorun.exe
Z:\DirectX9\dxsetup.exe
c:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf
Z:\Autorun.inf
Folder::
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
Z:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
Z:\resycled
c:\$recycle.bin
d:\$recycle.bin
e:\$recycle.bin
f:\$recycle.bin
g:\$recycle.bin
h:\$recycle.bin
Z:\$recycle.bin

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

otestujte na http://www.virustotal.com
c:\windows\system32\atiicdxx.dat
c:\programdata\id Software\QuakeLive\npquakezero.dll

[repingl]

Po použití combofixu jsem nemohl spustit žádnou aplikaci, takže jsem použil poslední známou funkční konfiguraci.

Soubor atiicdxx.dat přijatý 2010.01.11 14:58:13 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)

Soubor npquakezero.dll přijatý 2010.01.11 15:03:36 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)

[motji]

A log by nebyl?

Start -> Spustit ->
notepad "C:\ComboFix1.txt"
Enter.

Jak to vypadá s počítačem?
Poprosím o log ze Rsitu