Je to vir? Jak ho odstranit? Vyřešeno

[AleRx8]

Ahoj, nechápu jak, ale chytnul jsem nejspíše vir. Když kliknu třeba do vyhledávače, tak se mi pořád píše plus, ikdyž mám odpojenou klávesnici. To samé u wordu, powerpointu a poznámkového bloku. Je to tedy vir? A má to něco dočinění s tím, že jsem flashoval BIOS kvůli podpoře procesoru? Moc prosím o odpovědi a předem díka za rady.

[Reklama]

[Damned]

Zkus připojit klávesy. Zkontrolovat/aktualizovat ovladač ve Správci zařízení.

Pak když tak log z HJT.

[AleRx8]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:46, on 20.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Fraps\fraps.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mediafour XPlay Explorer notifications - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate1c9b8f938ee5722) (gupdate1c9b8f938ee5722) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Unknown owner - C:\WINDOWS\system32\sfrem01.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 10135 byte

[Damned]

Odinstaluj si AskBarDis (Ask Toolbar)

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config SF FrontLine Drivers Auto Removal (v1) (sfrem01) start= disabled
sc config sfrem01 start= disabled
sc stop SF FrontLine Drivers Auto Removal (v1) (sfrem01)
sc stop sfrem01
sc delete SF FrontLine Drivers Auto Removal (v1) (sfrem01)
sc delete sfrem01

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.
Otevře se Dosovské okno a zavře. Restartuj comp.
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[AleRx8]

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2009 8:49:32
mbam-log-2009-12-20 (08-49-27).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107444
Uplynulý čas: 5 minute(s), 2 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 8

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Program Files\Common Files\CSUninstall (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS (Rogue.CyberSecurity) -> No action taken.

Infikované soubory:
C:\Program Files\Common Files\CSUninstall\Uninstall.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Computer Scan.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Cyber Security.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Help.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Registration.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Security Center.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Settings.lnk (Rogue.CyberSecurity) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\CS\Update.lnk (Rogue.CyberSecurity) -> No action taken.

[Damned]

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
a ulož si ho na Plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[AleRx8]

Mbam:
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2009 9:27:31
mbam-log-2009-12-20 (09-27-31).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107621
Uplynulý čas: 4 minute(s), 41 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 2
Infikované soubory: 8

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Program Files\Common Files\CSUninstall (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS (Rogue.CyberSecurity) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\Common Files\CSUninstall\Uninstall.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Computer Scan.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Cyber Security.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Help.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Registration.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Security Center.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Settings.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\CS\Update.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.

ComboFix přiložím později

[AleRx8]

ComboFix:
ComboFix 09-12-19.01 - Aleš 20.12.2009 9:47.9.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2521 [GMT 1:00]
Spuštěný z: c:\documents and settings\Aleš\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aleç\Dokumenty\cc_20091102_174626.reg
C:\LOG.TXT
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-20 do 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-19 13:12 . 2008-09-22 15:34 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-12-18 17:50 . 2009-12-18 17:51 601860 ----a-w- c:\windows\1108.zip
2009-12-17 17:50 . 2009-12-17 18:12 -------- d-----w- c:\program files\Ashampoo
2009-12-16 20:02 . 2009-12-16 20:02 -------- d-----w- c:\program files\Veetle
2009-12-12 14:56 . 2009-12-12 14:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-12 14:53 . 2009-12-12 14:53 -------- d-----w- c:\program files\Common Files\Skype
2009-12-12 14:53 . 2009-12-12 14:54 -------- d-----r- c:\program files\Skype
2009-12-12 14:46 . 2009-12-12 14:47 -------- d-----w- c:\program files\Miranda IM
2009-12-12 14:43 . 2007-10-09 15:59 217088 ----a-w- c:\windows\UninstallW.exe
2009-12-12 14:43 . 2006-09-12 02:36 1606 ----a-w- c:\windows\uninsW.bat
2009-12-12 14:43 . 2006-06-22 14:34 970 ----a-w- c:\windows\uninsWmove.bat
2009-12-12 14:43 . 2005-12-28 17:54 29 ----a-w- c:\windows\uninsW98.bat
2009-12-09 20:38 . 2009-12-09 20:38 -------- d-----w- c:\windows\system32\custom matrices
2009-12-09 20:38 . 2009-12-09 20:38 -------- d-----w- c:\windows\system32\C2MP
2009-12-09 20:23 . 2009-12-16 20:10 -------- d-----w- c:\program files\SopCast
2009-12-09 13:52 . 2009-12-10 06:50 -------- d-----w- c:\program files\FlatOut 2 Mod Manager
2009-12-09 09:22 . 2009-12-09 09:22 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-05 09:15 . 2009-03-19 13:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-12-05 09:15 . 2009-03-19 13:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-12-05 09:15 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-05 09:12 . 2009-12-17 18:13 -------- d-----w- c:\program files\Nokia
2009-12-01 13:34 . 2009-12-01 13:34 -------- d-----w- c:\program files\SweetIM
2009-12-01 11:07 . 2009-12-01 11:07 -------- d-----w- c:\windows\system32\Adobe
2009-12-01 09:45 . 2009-12-01 09:45 -------- d-----w- c:\program files\ATI
2009-11-30 12:24 . 2009-11-30 12:24 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-11-30 12:22 . 2009-12-08 12:57 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-30 12:22 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-30 12:22 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-30 12:22 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-30 12:22 . 2009-11-30 12:22 -------- d-----w- c:\program files\Avira
2009-11-30 08:41 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2009-11-30 08:41 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2009-11-30 08:41 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2009-11-30 08:41 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2009-11-30 08:41 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2009-11-30 08:41 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2009-11-30 08:41 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-11-30 08:41 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2009-11-30 08:41 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2009-11-30 08:41 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2009-11-30 08:41 . 2009-11-30 08:41 -------- d-----w- c:\program files\BRS
2009-11-22 10:21 . 2009-11-22 10:21 -------- d-----w- c:\program files\USArmy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 07:43 . 2009-06-27 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 10:32 . 2009-02-17 15:37 58816 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-10 09:43 . 2008-09-02 11:25 -------- d-----w- c:\program files\FlatOut2
2009-12-09 20:07 . 2006-03-02 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 20:07 . 2006-03-02 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 09:23 . 2009-02-28 09:40 -------- d-----w- c:\program files\Common Files\Real
2009-12-09 09:21 . 2009-02-28 09:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-06 10:21 . 2009-01-24 05:54 -------- d-----w- c:\program files\Google
2009-12-03 15:14 . 2009-06-27 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-06-27 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 11:40 . 2009-09-09 05:10 -------- d-----w- c:\program files\IObit
2009-12-01 09:49 . 2008-04-30 13:55 -------- d-----w- c:\program files\ATI Technologies
2009-11-30 08:39 . 2009-03-21 14:29 -------- d-----w- c:\program files\OpenAL
2009-11-30 08:39 . 2009-03-21 14:29 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-30 08:39 . 2009-03-21 14:29 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-30 08:35 . 2008-11-03 15:52 -------- d-----w- c:\program files\Codemasters
2009-11-30 08:35 . 2008-04-30 19:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 07:14 . 2008-05-19 12:31 -------- d-----w- c:\program files\Rockstar Games
2009-11-30 07:12 . 2008-05-08 07:15 -------- d-----w- c:\program files\Sierra
2009-11-22 10:36 . 2008-07-14 12:22 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-22 10:35 . 2008-07-14 12:22 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-22 10:35 . 2008-12-29 14:37 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-21 08:25 . 2009-03-05 17:44 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 08:24 . 2008-10-10 12:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-15 08:49 . 2008-12-29 16:51 -------- d-----w- c:\program files\Zaklínač
2009-11-14 14:21 . 2009-11-14 14:21 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-14 14:21 . 2009-03-08 15:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-14 10:20 . 2009-11-14 10:20 -------- d-----w- c:\program files\TopCD
2009-11-10 19:28 . 2009-08-23 11:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-10 19:28 . 2009-11-10 17:31 -------- d-----w- c:\program files\Divinity2
2009-11-06 15:56 . 2008-05-03 08:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 16:15 . 2008-03-29 06:21 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45 . 2008-03-29 04:05 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44 . 2008-03-29 04:04 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:30 . 2009-08-24 10:20 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-11-04 15:29 . 2008-03-29 03:56 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29 . 2008-03-29 03:56 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29 . 2008-03-29 03:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29 . 2008-03-29 03:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28 . 2008-03-29 03:55 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28 . 2008-03-29 03:39 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27 . 2008-03-29 03:54 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26 . 2008-03-29 03:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18 . 2008-03-29 03:43 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17 . 2009-01-14 05:46 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05 . 2008-03-29 03:36 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04 . 2008-03-29 03:36 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 15:04 . 2008-03-29 03:36 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-11-04 14:51 . 2009-03-16 19:40 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51 . 2008-03-29 03:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47 . 2008-03-29 03:21 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45 . 2009-01-14 03:44 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45 . 2009-02-04 02:40 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45 . 2008-03-29 03:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44 . 2008-03-29 04:40 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44 . 2008-03-29 03:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39 . 2008-03-29 03:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-11-04 13:35 . 2009-11-04 13:34 -------- d-----w- c:\program files\Rhinoceros 3.0 Evaluation
2009-11-04 13:34 . 2009-11-04 13:34 -------- d-----w- c:\program files\Common Files\McNeel Shared
2009-11-04 13:28 . 2009-11-04 13:28 253688 ----a-w- c:\windows\system32\cssdll32.dll
2009-11-04 13:28 . 2009-11-04 13:27 -------- d-----w- c:\program files\COMODO
2009-11-04 13:27 . 2009-11-04 13:27 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-04 13:27 . 2009-11-04 13:27 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-04 13:27 . 2009-11-04 13:27 168208 ----a-w- c:\windows\system32\guard32.dll
2009-11-04 13:27 . 2009-11-04 13:27 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-02 16:45 . 2009-11-02 16:45 -------- d-----w- c:\program files\CCleaner
2009-11-02 15:04 . 2009-11-30 08:39 809560 ----a-r- c:\windows\system32\tmp1A8.tmp
2009-11-02 15:04 . 2009-11-30 08:39 809560 ----a-r- c:\windows\system32\tmp1A7.tmp
2009-10-29 07:43 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:19 . 2009-10-26 14:52 -------- d-----w- c:\program files\CS
2009-10-24 17:52 . 2009-04-04 09:18 -------- d-----w- c:\program files\Wise Registry Cleaner 3
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-09-25 14:35 . 2008-04-30 13:56 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-09-23 12:55 . 2009-03-05 16:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-02-07 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-02-07 16:23 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"amd_dc_opt"=c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\Race Driver Grid\\GRID.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\qwake\\quake3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Codemasters\\DiRT2 Demo\\dirt2.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [29.12.2008 17:44 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 17:15 64288]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [30.4.2009 16:18 284416]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [10.8.2009 13:10 136744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [4.11.2009 14:27 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4.11.2009 14:27 24096]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.11.2009 13:22 108289]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9.9.2009 6:21 312592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1184912]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [6.7.2009 8:18 208896]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3.5.2008 9:30 36864]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [29.12.2008 17:44 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.5.2008 12:25 721904]
S2 gupdate1c9b8f938ee5722;Služba Google Update (gupdate1c9b8f938ee5722);c:\program files\Google\Update\GoogleUpdate.exe [9.4.2009 10:54 133104]
S3 MaplomL;MaplomL; [x]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [5.12.2009 10:15 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [5.12.2009 10:15 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [4.4.2009 11:17 98488]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: Download with Star Downloader
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem
FF - ProfilePath - c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 09:56
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RGSC = c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent?urre??????S?c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLaunche

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,40,43,ab,c7,6b,e4,b3,6f,d5,3f,0f,6d,b9,a5,1d,bf,0b,8e,39,4a,6b,0a,
d1,ed,f6,16,0f,b0,ef,55,06,39,b0,9a,ea,cf,9f,a0,59,06,1d,2b,36,fe,9d,e5,c1,\
"??"=hex:f1,77,94,1a,22,b0,c5,38,fd,c3,dd,40,36,67,45,49

[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:56,f7,d2,82,91,a2,5b,8e,b7,df,22,5f,de,d3,d5,2f,6e,64,c4,3c,6c,
14,a0,25,35,06,73,e6,e2,83,b8,f2,35,3a,02,39,bf,0f,78,96,9c,63,b4,a5,c8,86,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-12-20 09:58:00
ComboFix-quarantined-files.txt 2009-12-20 08:57

Před spuštěním: 5 903 077 376
Po spuštění: 5 944 164 352

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1BBEC7300ADAD9758E7FD83F7165B441

[AleRx8]

Up

[Damned]

c:\windows\1108.zip to znáš?

[AleRx8]

To je nejspiš BIOS, co jsem stahoval ale nepoužil

[Damned]

Dobrá, nebudu to tedy mazat.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\ezsidmv.dat
c:\windows\system32\mlfcache.dat
c:\windows\system32\tmp1A8.tmp
c:\windows\system32\tmp1A7.tmp

FireFox::
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

Driver::
MaplomL;MaplomL
MaplomL



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače