Please check my HJT log [Solved]

Post by bodly » 17 Apr 2010 09:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:10, on 17.4.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quakelive.com/#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Warcraft Config.lnk = C:\Program Files\Warcraft III\support\config.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5217 bytes

Re: Please check my HJT log

Post by alenka_v_říši_divů » 17 Apr 2010 11:33

Close the other browsers and applications, disconnect from the internet, uninstall DAEMON Tools Toolbar and Dealio Toolbar.
And fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quakelive.com/#home (if you did not set it yourself)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - Startup: Warcraft Config.lnk = C:\Program Files\Warcraft III\support\config.exe (does it need to run at Windows startup?)

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Check whether C:\Windows\system32\GameMon.des.exe exists.


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.


Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

Re: Please check my HJT log

Post by bodly » 17 Apr 2010 12:31

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4000

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

17.4.2010 12:30:26
mbam-log-2010-04-17 (12-30-26).txt

Scan type: Quick scan
Objects scanned: 102525
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Please check my HJT log

Post by alenka_v_říši_divů » 17 Apr 2010 12:54

(for my own information)
Download ToolBar S&D
Close the browsers and any unnecessary applications and run it. When asked for the language press E and Enter.
When asked for the action press 1 and Enter. The program will scan for a while, so wait until it finishes and paste the contents of the log here.
This application targets the spyware you have there.


Disable all resident protection + the firewall, if applicable.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Re: Please check my HJT log

Post by bodly » 17 Apr 2010 13:13

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 5050e )
BIOS : Default System BIOS
USER : Bodly ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:298 Go (Free:83 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( so 17.04.2010|13:12 )

[ UAC => 0 ]

-----------\\ Searching for Files - Folders ...

C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\accept.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astroburn_site.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astroLite_16.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astro_buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astro_download.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astro_feedback.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astro_forum.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astro_home.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\astro_lite.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\burn_files.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\burn_image.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\burn_imgs.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon_search.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon_search_site.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\download.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt-home.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dtt16.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dtt32.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_about.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_download.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_faq.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_feedback.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_forum.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_line.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_lite.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_manual.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt_pro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\favicon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\feedback.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\forum.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrixCristals.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrixDownload.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrixPlayOnline.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrixTop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameS.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameSA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\games_search.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\games_search_SA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gct16.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hide.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\home.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ImageS.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ImageSA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\image_search.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\image_search_SA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mount.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mount_n_drive.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rbcheck.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rbtxt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RssA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RssA1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RssRefresh.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\s2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\show.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_lr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_rl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\timer.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\unmount-all.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_mute.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\WebS.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\WebSa.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\web_resources.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\web_search.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\web_search_SA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi14.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico
C:\Program Files\Search Settings
C:\Program Files\Search Settings\res
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\SearchSettingsRes409.dll
C:\Program Files\Search Settings\temp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.quakelive.com/#home"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Bodly\AppData\Roaming\uTorrent\Nero 9.4.26.0+keygen [GR420].torrent
C:\Users\Bodly\Desktop\vçe\torrentiky\Nero_9_Reloaded_9.4.26.0___keygen_[GR420].5281999.TPB.torrent


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - so 17.04.2010|13:12 - Option : [1]

-----------\\ Scan completed at 13:12:19,61

Re: Please check my HJT log

Post by bodly » 17 Apr 2010 13:36

ComboFix 10-04-15.05 - Bodly 17.04.2010 13:22:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.3326.2268 [GMT 2:00]
Running from: c:\users\Bodly\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\install.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 11:29 . 2010-04-17 11:29 -------- d-----w- c:\users\Bodly\AppData\Local\temp
2010-04-17 11:11 . 2010-04-17 11:12 -------- d-----w- C:\ToolBar SD
2010-04-17 10:03 . 2010-04-17 10:03 -------- d-----w- c:\users\Bodly\AppData\Roaming\Malwarebytes
2010-04-17 10:03 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-17 10:03 . 2010-04-17 10:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 10:03 . 2010-04-17 10:03 -------- d-----w- c:\programdata\Malwarebytes
2010-04-17 10:03 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 07:46 . 2010-04-17 07:46 -------- d-----w- c:\program files\Trend Micro
2010-04-14 08:31 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-04-14 08:31 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 08:31 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 08:31 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-04-14 08:31 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 08:31 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-04-14 08:31 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:31 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:31 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:31 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:31 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 08:31 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 08:24 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 08:23 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 14:42 . 2010-04-13 14:42 -------- d-----w- c:\program files\Activision
2010-04-13 14:39 . 2010-04-13 14:39 -------- d-sh--w- c:\windows\ftpcache
2010-04-13 12:37 . 2010-04-13 12:37 -------- d-----w- c:\program files\iriver
2010-04-11 16:44 . 2010-04-11 16:44 -------- d-----w- c:\program files\Defraggler
2010-04-11 16:43 . 2010-04-11 16:43 -------- d-----w- c:\program files\CCleaner
2010-04-11 15:38 . 2010-04-11 15:38 -------- d-----w- c:\programdata\ATI
2010-04-01 07:18 . 2010-04-10 09:51 -------- d-----w- c:\program files\Heroes of Newerth
2010-03-31 12:09 . 2009-07-02 22:34 83376 ----a-w- c:\temp\npijjiautoinstallpluginff.dll
2010-03-23 20:29 . 2010-03-23 20:32 -------- d-----w- c:\users\Bodly\AppData\Roaming\Dev-Cpp
2010-03-23 20:29 . 2010-03-23 20:29 -------- d-----w- C:\Dev-Cpp
2010-03-23 17:36 . 2010-03-23 17:36 -------- d-----w- c:\users\Bodly\AppData\Local\Temporary Projects
2010-03-23 17:27 . 2010-03-23 17:27 -------- d-----w- c:\program files\Windows Resource Kits
2010-03-23 17:06 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-03-23 17:06 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-03-23 17:04 . 2010-03-23 17:04 -------- d-----w- c:\windows\system32\RsFx
2010-03-23 17:03 . 2010-03-23 17:03 -------- d-----w- c:\windows\system32\1033
2010-03-23 17:02 . 2010-03-23 17:02 -------- d-----w- c:\windows\PCHEALTH
2010-03-23 16:56 . 2008-04-18 05:40 332800 ----a-w- c:\windows\system32\msihnd.dll
2010-03-23 16:56 . 2008-04-18 02:32 73216 ----a-w- c:\windows\system32\msiexec.exe
2010-03-23 16:56 . 2008-04-18 00:57 2560 ----a-w- c:\windows\system32\msimsg.dll
2010-03-23 16:56 . 2008-04-18 05:40 2252288 ----a-w- c:\windows\system32\msi.dll
2010-03-23 16:55 . 2010-03-23 16:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-23 16:55 . 2010-03-23 16:55 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-23 16:55 . 2010-03-23 16:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-23 16:54 . 2010-03-23 16:54 -------- d-----w- c:\users\Bodly\AppData\Local\Microsoft Help
2010-03-23 16:52 . 2010-03-23 17:03 -------- d-----w- c:\program files\Microsoft.NET
2010-03-23 16:52 . 2010-03-23 16:55 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-23 16:52 . 2010-03-23 16:55 -------- d-----w- c:\programdata\Microsoft Help
2010-03-23 16:52 . 2010-03-23 16:52 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-20 07:30 . 2010-03-20 07:30 -------- d-----w- c:\users\Bodly\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 11:26 . 2007-01-08 21:09 556502 ----a-w- c:\windows\system32\perfh005.dat
2010-04-17 11:26 . 2007-01-08 21:09 113284 ----a-w- c:\windows\system32\perfc005.dat
2010-04-17 09:54 . 2010-02-11 19:26 -------- d-----w- c:\users\Bodly\AppData\Roaming\Mumble
2010-04-16 14:51 . 2010-02-04 15:17 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-16 14:36 . 2010-02-04 15:17 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-13 15:01 . 2010-03-10 19:51 -------- d-----w- c:\program files\Garena
2010-04-13 14:52 . 2010-01-08 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-13 14:39 . 2010-01-08 19:07 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-13 14:37 . 2010-01-16 14:39 -------- d-----w- c:\users\Bodly\AppData\Roaming\uTorrent
2010-04-11 15:34 . 2010-01-08 19:05 -------- d-----w- c:\program files\ATI
2010-04-11 15:34 . 2010-01-08 19:04 -------- d-----w- c:\program files\ATI Technologies
2010-04-11 15:30 . 2010-04-11 15:30 10134 ----a-r- c:\users\Bodly\AppData\Roaming\Microsoft\Installer\{9903001D-2728-9D9B-3D8B-F593A502A972}\ARPPRODUCTICON.exe
2010-03-31 13:02 . 2010-02-16 08:39 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-03-31 12:22 . 2010-01-16 18:44 -------- d--h--w- c:\users\Bodly\AppData\Roaming\ijjigame
2010-03-30 08:23 . 2010-03-10 21:09 -------- d-----w- c:\program files\Warcraft III
2010-03-27 08:18 . 2010-02-20 14:51 -------- d-----w- c:\program files\Opera
2010-03-23 17:05 . 2010-01-30 13:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-23 16:54 . 2010-03-23 16:54 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-03-23 16:54 . 2010-03-23 16:54 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-03-20 07:33 . 2010-01-22 19:09 -------- d-----w- c:\users\Bodly\AppData\Roaming\dvdcss
2010-03-16 06:31 . 2010-03-16 06:31 -------- d-----w- c:\program files\MSXML 4.0
2010-03-14 13:49 . 2010-03-14 13:22 -------- d-----w- c:\users\Bodly\AppData\Roaming\Nero
2010-03-14 13:18 . 2010-03-14 13:07 -------- d-----w- c:\program files\Common Files\Nero
2010-03-14 13:17 . 2010-03-14 13:08 -------- d-----w- c:\program files\Nero
2010-03-14 13:10 . 2010-03-14 13:07 -------- d-----w- c:\programdata\Nero
2010-03-14 12:42 . 2010-03-14 12:42 -------- d-----w- c:\users\Bodly\AppData\Roaming\Canneverbe Limited
2010-03-14 12:41 . 2010-03-14 12:41 -------- d-----w- c:\programdata\Canneverbe Limited
2010-03-13 09:20 . 2010-03-13 09:19 -------- d-----w- c:\program files\Warkeys
2010-03-10 21:16 . 2010-03-10 21:11 76355 ----a-w- c:\windows\War3Unin.dat
2010-03-10 21:14 . 2010-03-10 21:11 2829 ----a-w- c:\windows\War3Unin.pif
2010-03-10 21:14 . 2010-03-10 21:11 139264 ----a-w- c:\windows\War3Unin.exe
2010-03-10 13:42 . 2010-03-10 12:57 -------- d-----w- c:\program files\Runes of Magic
2010-03-10 13:13 . 2010-03-09 13:06 -------- d-----w- c:\users\Bodly\AppData\Roaming\FOG Downloader
2010-03-09 16:54 . 2010-03-31 04:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50 . 2010-03-31 04:45 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50 . 2010-03-31 04:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:50 . 2010-03-31 04:45 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-03-09 16:48 . 2010-03-31 04:45 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17 . 2010-03-31 04:45 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43 . 2010-03-31 04:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-08 14:54 . 2010-03-08 14:38 -------- d-----w- c:\users\Bodly\AppData\Roaming\FreeFLVConverter
2010-03-08 14:39 . 2010-03-08 14:39 -------- d-----w- c:\program files\Application Updater
2010-03-08 14:34 . 2010-03-08 14:34 -------- d-----w- c:\users\Bodly\AppData\Roaming\Moyea
2010-03-08 14:34 . 2010-03-08 14:34 -------- d-----w- c:\program files\Moyea
2010-03-08 14:34 . 2010-03-08 14:33 -------- d-----w- c:\users\Bodly\AppData\Roaming\GetRightToGo
2010-03-08 14:33 . 2010-03-08 14:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-08 14:33 . 2010-03-08 14:26 -------- d-----w- c:\program files\AVS4YOU
2010-03-08 14:27 . 2010-03-08 14:27 -------- d-----w- c:\users\Bodly\AppData\Roaming\AVS4YOU
2010-03-08 14:27 . 2010-03-08 14:26 -------- d-----w- c:\programdata\AVS4YOU
2010-03-07 14:00 . 2010-01-19 18:25 -------- d-----w- c:\program files\Webzen
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\Xvid
2010-03-06 20:57 . 2010-03-06 20:57 -------- d-----w- c:\program files\Recuva
2010-03-03 15:05 . 2010-03-03 14:53 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-03-03 14:10 . 2010-03-03 13:36 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-03 04:22 . 2010-03-03 04:22 5340160 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-03-03 04:22 . 2010-03-03 04:22 5340160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-03-03 04:16 . 2010-03-03 04:16 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 04:16 . 2010-03-03 04:16 446464 ----a-w- c:\windows\system32\aticfx32.dll
2010-03-03 04:13 . 2010-03-03 04:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 04:12 . 2010-03-03 04:12 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-03-03 04:11 . 2010-03-03 04:11 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-03-03 04:10 . 2008-09-03 02:20 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-03-03 04:10 . 2008-09-03 02:20 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 04:09 . 2010-03-03 04:09 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 04:09 . 2010-03-03 04:09 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-03-03 04:09 . 2010-03-03 04:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 04:06 . 2010-03-03 04:06 3131392 ----a-w- c:\windows\system32\atidxx32.dll
2010-03-03 03:46 . 2010-03-03 03:46 3703808 ----a-w- c:\windows\system32\atiumdag.dll
2010-03-03 03:45 . 2010-03-03 03:45 14226944 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:24 . 2010-03-03 03:24 2993152 ----a-w- c:\windows\system32\atiumdva.dll
2010-03-03 03:23 . 2010-03-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-03-03 03:20 . 2010-03-03 03:20 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 03:20 . 2010-03-03 03:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 03:18 . 2010-03-03 03:18 3657728 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:08 . 2010-03-03 03:08 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:08 . 2010-03-03 03:08 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-03-03 03:08 . 2010-03-03 03:08 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:07 . 2010-03-03 03:07 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-03-03 03:07 . 2010-03-03 03:07 15360 ----a-w- c:\windows\system32\atigktxx.dll
2010-03-03 03:07 . 2010-03-03 03:07 152064 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-03-03 03:06 . 2010-03-03 03:06 27648 ----a-w- c:\windows\system32\atiuxpag.dll
2010-03-03 03:06 . 2010-03-03 03:06 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-03-03 03:06 . 2010-03-03 03:06 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-03-03 03:05 . 2010-03-03 03:05 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-27 09:28 . 2010-02-27 09:28 -------- d-----w- c:\programdata\Blizzard
2010-02-26 14:22 . 2010-02-26 14:17 -------- d-----w- c:\users\Bodly\AppData\Roaming\Command and Conquer 4 Beta
2010-02-26 14:14 . 2010-02-26 14:14 3206928 ----a-w- c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
2010-02-26 14:14 . 2010-02-26 14:14 -------- d-----w- c:\programdata\Electronic Arts Inc
2010-02-26 14:08 . 2010-02-04 15:24 -------- d-----w- c:\program files\Electronic Arts
2010-02-25 20:50 . 2010-03-08 14:38 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-25 19:55 . 2010-02-25 19:55 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-24 20:19 . 2010-02-24 20:19 -------- d-----w- c:\program files\Gpotato
2010-02-24 18:58 . 2010-02-24 18:58 -------- d-----w- c:\programdata\PMB Files
2010-02-24 18:57 . 2010-02-24 18:57 -------- d-----w- c:\program files\Pando Networks
2010-02-24 16:04 . 2010-02-24 16:03 -------- d-----w- c:\program files\QuickTime
2010-02-24 16:03 . 2010-02-24 16:03 -------- d-----w- c:\programdata\Apple Computer
2010-02-24 16:03 . 2010-02-24 16:03 -------- d-----w- c:\program files\Common Files\Apple
2010-02-24 16:03 . 2010-02-24 16:03 -------- d-----w- c:\programdata\Apple
2010-02-24 16:03 . 2010-02-24 16:03 -------- d-----w- c:\program files\Apple Software Update
2010-02-24 13:05 . 2010-01-08 19:56 -------- d-----w- c:\program files\Valve
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-24 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-11-16 307200]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-18 691696]
R3 GarenaPEngine;GarenaPEngine;c:\users\Bodly\AppData\Local\Temp\OJJABD9.tmp [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-06 3482384]
R3 XDva323;XDva323;c:\windows\system32\XDva323.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 172032]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 5340160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 152064]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-03-02 127496]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.quakelive.com/#home
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 13:29
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Bodly\AppData\Local\Temp\OJJABD9.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Celkový čas: 2010-04-17 13:34:34
ComboFix-quarantined-files.txt 2010-04-17 11:34

Před spuštěním: Volných bajtů: 89 777 934 336
Po spuštění: Volných bajtů: 89 798 905 856

- - End Of File - - 5E8117BB3ED8871E9CEBDF7955ADE34A


Re: Please check my HJT log

Post by bodly » 17 Apr 2010 15:35

hmm?


Re: Please check my HJT log

Post by bodly » 17 Apr 2010 22:15

Now I can't start CoD MW2.. either it doesn't start at all, or a black screen just flashes ;(

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my HJT log

Post by jaro3 » 18 Apr 2010 09:38

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

File::
c:\users\Bodly\AppData\Local\Temp\OJJABD9.tmp 
c:\windows\system32\XDva323.sys 
c:\users\Bodly\AppData\Local\Temp\OJJABD9.tmp
c:\windows\system32\GameMon.des

Folder::
c:\windows\system32\1033 
c:\program files\Garena

DirLook::
c:\users\Bodly\AppData\Roaming\ijjigame

Driver::
GarenaPEngine
npggsvc
nProtect GameGuard Service
XDva323

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"FilterAdministratorToken"=dword:00000000

DDS::
uStart Page = hxxp://www.quakelive.com/#home

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

In Folder Options enable showing hidden files and folders + uncheck the "hide protected operating system files" box

Test these on VirusTotal
c:\program files\Application Updater\ApplicationUpdater.exe
c:\programdata\Electronic Arts Inc\CNC4BetaPatch\LauncherUpdate_R15b.exe
c:\users\Bodly\AppData\Roaming\ijjigame

If the file has already been tested, click on reanalyse.
When all the antivirus engines have finished, paste here the links to the results pages.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

