Win32:FakeAlert-AAB [Trj]? prosim radu

[rydymr]

Dobrý večer dnes asi okolo 16 hodiny jsem hral jednu nejmenovanou hru a avast mi napsal že našel infikovaný soubor C/Steam/Steam-exe asi nak tak to bylo tak jsem ho smazal a když jsem si řek že pustím steam tak jsem ho musel reinstalovat a asi tak při 24 % to napsalo samou hlášku nato jsem projel PC avastem a našel 4 infikované stejným virem Win32:FakeAlert-AAB [Trj]
steam jsem cely smazal a když ho chi znovu instalovat tak to píše to samé Win32:FakeAlert-AAB [Trj] v soubru steam-exe
první log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:27:21, on 22.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Deamon Tools\DAEMON Tools Lite\DTLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\SanDisk\SanDisk Media Manager\New Folder\SanDiskMediaManager-Launcher.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Vertex Wireless\VW100 Connection Manager\Connection Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Steam\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1060933
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DAEMON Tools Toolbar\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Deamon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: SanDisk Media Manager.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010052806
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C3703E-EF4B-4CB1-9D7F-B04FAB90397C}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe




Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2011-02-22 19:31:09
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 88 GB (77%) free of 115 GB
Total RAM: 2015 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:31:29, on 22.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Deamon Tools\DAEMON Tools Lite\DTLite.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\SanDisk\SanDisk Media Manager\New Folder\SanDiskMediaManager-Launcher.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Vertex Wireless\VW100 Connection Manager\Connection Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\mu demonic 4\DaemonicMU Season IV\main.exe
D:\Steam\RSIT.exe
C:\Program Files\trend micro\Michal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1060933
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DAEMON Tools Toolbar\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Deamon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: SanDisk Media Manager.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010052806
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6C3703E-EF4B-4CB1-9D7F-B04FAB90397C}: NameServer = 78.136.128.4 78.136.128.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 8534 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL [2010-09-02 54704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL [2010-09-02 775696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL [2010-09-02 775696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-02-22 18791456]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-01-15 108160]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe [2010-09-02 32849]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-09-12 196608]
"DAEMON Tools-1033"=C:\Program Files\DAEMON Tools Toolbar\daemon.exe -lang 1033 []
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe /run []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"Center Agent"=C:\Program Files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"VW100 Connection Manager"= []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe [2010-09-02 32849]
"DAEMON Tools Lite"=D:\Deamon Tools\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
SanDisk Media Manager.lnk -

C:\Documents and Settings\Michal\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\TrackMania Sunrise\TmSunrise.exe"="D:\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\MU\metin2client.bin"="D:\MU\metin2client.bin:*:Enabled:metin2client"
"D:\MU\metin2.bin"="D:\MU\metin2.bin:*:Enabled:metin2"
"D:\CS 1.6\hl.exe"="D:\CS 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\CS 1.6\Patch\hltv.exe"="D:\CS 1.6\Patch\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Q demo\quake3.exe"="D:\Q demo\quake3.exe:*:Enabled:quake3"
"C:\Documents and Settings\Michal\Plocha\Quake III\quake3.exe"="C:\Documents and Settings\Michal\Plocha\Quake III\quake3.exe:*:Enabled:quake3"
"D:\Ikony\ShowMyPCSSH\smwinvnc.exe"="D:\Ikony\ShowMyPCSSH\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Roller coaster tycoon\rollerct\RCT.EXE"="D:\Roller coaster tycoon\rollerct\RCT.EXE:*:Enabled:RCT"
"D:\Roller coaster tycoon\rct.exe"="D:\Roller coaster tycoon\rct.exe:*:Enabled:rct"
"D:\command C\RetailExe\1.0\cnc3game.dat"="D:\command C\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"D:\Star wars\Star Wars Jedi Knight Jedi Academy.part1\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="D:\Star wars\Star Wars Jedi Knight Jedi Academy.part1\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\OperationFlashpoint\FlashpointResistance.exe"="D:\OperationFlashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"D:\Quake III\quake3.exe"="D:\Quake III\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"D:\CS 1.6\toto_smazte\hltv.exe"="D:\CS 1.6\toto_smazte\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\2K Games\steam\Steam.exe"="C:\Program Files\2K Games\steam\Steam.exe:*:Enabled:Steam"
"D:\CS 1.6\hltv.exe"="D:\CS 1.6\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\CS 1.6 Source\Counter-Strike Source\hl2.exe"="D:\CS 1.6 Source\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"D:\Two Worlds\TwoWorlds.exe"="D:\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds"
"D:\Two Worlds\TwoWorlds_RADEON.exe"="D:\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds"
"C:\Documents and Settings\Michal\Local Settings\Temp\ElectronicArts_Patcher_000.exe"="C:\Documents and Settings\Michal\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"D:\Lord of The ring\game.dat"="D:\Lord of The ring\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"D:\command C\RetailExe\1.9\cnc3game.dat"="D:\command C\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Steam\steamapps\r3plikator1\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\r3plikator1\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero"
"C:\Program Files\Steam\steamapps\r3plikator1\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\r3plikator1\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Steam\New Folder\Steam.exe"="D:\Steam\New Folder\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2011-02-22 19:31:10 ----D---- C:\Program Files\trend micro
2011-02-22 19:31:09 ----D---- C:\rsit
2011-02-22 16:56:50 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-15 18:30:36 ----D---- C:\Program Files\Electronic Arts
2011-01-26 16:36:20 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2011-01-21 20:35:26 ----D---- C:\Documents and Settings\Michal\Data aplikací\PriceGong
2011-01-21 20:34:47 ----D---- C:\WINDOWS\Freecorder
2011-01-18 21:29:37 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2011-01-18 21:29:23 ----D---- C:\WINDOWS\Replay Media Catcher
2011-01-18 21:28:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Anvsoft
2011-01-18 21:28:37 ----D---- C:\Documents and Settings\Michal\Data aplikací\Photo DVD Maker
2011-01-18 21:28:17 ----D---- C:\Program Files\Photo DVD Maker Professional
2011-01-17 19:43:04 ----A---- C:\WINDOWS\system32\ptpusd.dll
2011-01-17 19:43:04 ----A---- C:\WINDOWS\system32\ptpusb.dll
2011-01-17 19:43:03 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2011-01-16 03:03:23 ----D---- C:\Program Files\DaemonicMU Season IV
2011-01-14 17:13:03 ----D---- C:\Documents and Settings\Michal\Data aplikací\My Battle for Middle-earth Files
2011-01-12 18:13:59 ----A---- C:\WINDOWS\system32\drivers\d347prt.sys
2011-01-12 18:13:59 ----A---- C:\WINDOWS\system32\drivers\d347bus.sys
2011-01-12 18:13:33 ----D---- C:\WINDOWS\Downloaded Installations
2011-01-11 20:37:19 ----D---- C:\Documents and Settings\Michal\Data aplikací\teamspeak2
2011-01-08 18:32:11 ----D---- C:\WINDOWS\RegisteredPackages
2011-01-07 05:04:52 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-01-01 21:34:10 ----D---- C:\Documents and Settings\Michal\Data aplikací\Ventrilo
2010-12-24 20:11:11 ----D---- C:\Documents and Settings\Michal\Data aplikací\TS3Client
2010-12-24 19:16:03 ----A---- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
2010-12-24 19:16:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\SanDisk
2010-12-24 19:15:29 ----D---- C:\WINDOWS\XSxS
2010-12-24 19:15:29 ----D---- C:\WINDOWS\system32\en-US
2010-12-24 19:15:29 ----D---- C:\Program Files\Xenocode
2010-12-24 19:15:23 ----D---- C:\Program Files\SanDisk
2010-12-22 07:29:21 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-12-21 17:48:16 ----D---- C:\Documents and Settings\Michal\Data aplikací\TeamViewer

======List of files/folders modified in the last 3 months======

2011-02-22 19:31:21 ----A---- C:\WINDOWS\ModemLog_Vertex Wireless CDC Modem.txt
2011-02-22 19:31:10 ----RD---- C:\Program Files
2011-02-22 18:07:44 ----SHD---- C:\WINDOWS\Installer
2011-02-22 18:07:41 ----AD---- C:\WINDOWS
2011-02-22 18:05:51 ----D---- C:\WINDOWS\Prefetch
2011-02-22 17:40:17 ----D---- C:\WINDOWS\Temp
2011-02-22 17:05:48 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-22 17:02:04 ----D---- C:\TEMP
2011-02-22 16:57:46 ----D---- C:\Documents and Settings
2011-02-22 16:55:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-22 16:49:01 ----SD---- C:\Documents and Settings\Michal\Data aplikací\Microsoft
2011-02-21 09:09:27 ----A---- C:\WINDOWS\wincmd.ini
2011-02-20 06:19:58 ----D---- C:\WINDOWS\system32\drivers
2011-02-15 18:43:14 ----D---- C:\WINDOWS\system32\DirectX
2011-02-15 18:43:13 ----HD---- C:\WINDOWS\inf
2011-02-06 07:25:11 ----SD---- C:\WINDOWS\Tasks
2011-02-04 14:23:21 ----D---- C:\Documents and Settings\Michal\Data aplikací\Command & Conquer 3 Tiberium Wars
2011-02-04 13:18:40 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-31 13:48:29 ----AD---- C:\WINDOWS\system32
2011-01-26 16:36:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-25 18:14:23 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-25 18:10:51 ----D---- C:\Program Files\Common Files\InstallShield
2011-01-18 21:33:37 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-01-18 14:58:37 ----A---- C:\WINDOWS\ModemLog_Vertex Wireless CDC Modem #2.txt
2010-12-14 07:21:48 ----D---- C:\Documents and Settings\Michal\Data aplikací\Skype
2010-12-13 04:16:17 ----D---- C:\Program Files\Mozilla Firefox
2010-12-04 14:34:02 ----D---- C:\Program Files\2K Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2009-08-04 165920]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\system32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\system32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\system32\drivers\sfsync04.sys [2006-05-10 52224]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-03 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-12-21 31560]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-01-15 43176]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-12-21 94424]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-18 670592]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-01-15 23352]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\HIDUSB.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-02-22 5862432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-30 66816]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-30 13824]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\vwmfbus.sys [2009-11-11 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM); C:\WINDOWS\system32\DRIVERS\vwmfdiag.sys [2009-11-11 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~; C:\WINDOWS\system32\DRIVERS\vwmfmdfl.sys [2009-11-11 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver; C:\WINDOWS\system32\DRIVERS\vwmfmdm.sys [2009-11-11 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM); C:\WINDOWS\system32\DRIVERS\vwmfserd.sys [2009-11-11 100224]
S3 ago34dqu;ago34dqu; C:\WINDOWS\system32\drivers\ago34dqu.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 Mac606;Mac606 Filter; C:\WINDOWS\system32\DRIVERS\Mac606.sys [2007-09-19 19968]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-01-15 59008]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-01-15 132736]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-03 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-01-15 255616]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-01-15 370304]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[rydymr]

inu spustil jsem combo PC divně pípalo a pak to napsalo hlášku at vipnu štíty vypnul jsem rezidentni ochranu a to nestačí tak nevim co mam vypnout prosim radu v tomhle jsem nejistý

[rydymr]

omlouvám se už combo jede

[rydymr]

tak tady jsou ty výpisy

ComboFix 11-02-21.02 - Michal 22.02.2011 20:08:23.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2015.1403 [GMT 1:00]
Spuštěný z: d:\steam\ComboFix.exe
AV: avast! antivirus 4.7.942 [VPS 110222-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michal\Data aplikací\PriceGong
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\1.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\a.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\b.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\c.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\d.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\e.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\f.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\g.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\h.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\i.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\J.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\k.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\l.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\m.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\mru.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\n.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\o.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\p.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\q.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\r.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\s.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\t.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\u.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\v.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\w.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\x.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\y.xml
c:\documents and settings\Michal\Data aplikací\PriceGong\Data\z.xml
c:\progra~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\5.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\5.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\5.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\5.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\5.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\5.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\5.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\5.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\5.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\5.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\5.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\5.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\5.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\5.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\5.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\5.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\5.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\5.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\5.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\5.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\5.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\5.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\001BB93A
c:\program files\MyWebSearch\bar\Cache\001BC58E
c:\program files\MyWebSearch\bar\Cache\001BC782.bin
c:\program files\MyWebSearch\bar\Cache\001BC967.bin
c:\program files\MyWebSearch\bar\Cache\001BCA61.bin
c:\program files\MyWebSearch\bar\Cache\001BCAFD.bin
c:\program files\MyWebSearch\bar\Cache\001BCC84.bin
c:\program files\MyWebSearch\bar\Cache\001BCD5E.bin
c:\program files\MyWebSearch\bar\Cache\00A72D2E.bin
c:\program files\MyWebSearch\bar\Cache\00A73ADA.bin
c:\program files\MyWebSearch\bar\Cache\01A24545.bmp
c:\program files\MyWebSearch\bar\Cache\01A24B5F
c:\program files\MyWebSearch\bar\Cache\01A27231
c:\program files\MyWebSearch\bar\Cache\01A27D9B
c:\program files\MyWebSearch\bar\Cache\01A283D4
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\daemon.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\XSxS

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-22 do 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-22 18:31 . 2011-02-22 18:31 -------- d-----w- c:\program files\trend micro
2011-02-22 18:31 . 2011-02-22 18:31 -------- d-----w- C:\rsit
2011-02-22 15:57 . 2011-02-22 15:57 -------- d-----w- c:\documents and settings\Administrator
2011-02-22 15:49 . 2011-02-22 15:49 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-15 17:30 . 2011-02-15 17:30 -------- d-----w- c:\program files\Electronic Arts
2011-01-31 12:48 . 2007-03-01 01:54 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-01-26 15:36 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-26 15:36 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 12:37 . 2004-07-17 09:36 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-01-21 19:23 . 2011-01-18 20:29 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\deamon tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Michal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe [2010-4-27 83456]
SanDisk Media Manager.lnk - [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\TrackMania Sunrise\\TmSunrise.exe"=
"d:\\MU\\metin2client.bin"=
"d:\\MU\\metin2.bin"=
"d:\\CS 1.6\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Roller coaster tycoon\\rollerct\\RCT.EXE"=
"d:\\Roller coaster tycoon\\rct.exe"=
"d:\\command C\\RetailExe\\1.0\\cnc3game.dat"=
"d:\\OperationFlashpoint\\FlashpointResistance.exe"=
"d:\\Quake III\\quake3.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\CS 1.6\\hltv.exe"=
"d:\\Two Worlds\\TwoWorlds.exe"=
"d:\\Two Worlds\\TwoWorlds_RADEON.exe"=
"d:\\Lord of The ring\\game.dat"=
"d:\\command C\\RetailExe\\1.9\\cnc3game.dat"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [12.1.2011 18:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [12.1.2011 18:13 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.9.2010 11:42 691696]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [17.3.2010 15:12 670592]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\drivers\vwmfbus.sys [18.5.2010 10:24 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\drivers\vwmfdiag.sys [18.5.2010 10:24 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\drivers\vwmfmdfl.sys [18.5.2010 10:24 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\drivers\vwmfmdm.sys [18.5.2010 10:24 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\drivers\vwmfserd.sys [18.5.2010 10:24 100224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.3.2010 23:08 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Mac606;Mac606 Filter;c:\windows\system32\drivers\Mac606.sys [22.3.2010 10:47 19968]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D6C3703E-EF4B-4CB1-9D7F-B04FAB90397C} = 78.136.128.4 78.136.128.12
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\o760illy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=_RKNb1RJbyUwJRSGLyuU8g&psa=&ind=2010052806&ptnrS=GRfox000&si=&st=kwd&n=77cef8c6&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Center Agent - c:\program files\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
HKCU-Run-VW100 Connection Manager - (no file)
HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKLM-Run-DAEMON Tools-1033 - c:\program files\DAEMON Tools Toolbar\daemon.exe
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-{2933831A-7F63-433A-82EC-4A7882FCFA8B}_is1 - d:\popeláři\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 20:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]
"Order"=hex:08,00,00,00,02,00,00,00,8a,02,00,00,01,00,00,00,04,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,c3,e1,fc,88,f4,d8,07,71,44,91,51,3b,da,18,05,90,a2,c1,42,f8,46,73,
7e,57,b1,85,67,f2,55,87,d8,53,b7,26,49,59,b5,fe,3d,f5,c8,da,d9,86,5d,ce,d8,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f9,b3,0c,23,10,99,72,2a,02,92,e3,34,f4,e6,76,8b,5f,f8,a8,80,67,
2d,26,85,2d,1f,fc,e6,b4,5e,69,d5,8a,99,4d,16,c3,69,d4,55,33,58,9e,45,e3,73,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
Celkový čas: 2011-02-22 20:16:30
ComboFix-quarantined-files.txt 2011-02-22 19:16

Před spuštěním: Volných bajtů: 92 683 759 616
Po spuštění: Volných bajtů: 94 723 084 288

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 327CCA7EB07F54D90426C2F49BA99A6D

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykloná příkazy ze skriptu.

[rydymr]

Tak jsem to provedl a toto z toho vylezlo

ComboFix 11-02-21.02 - Michal 22.02.2011 20:30:56.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2015.1398 [GMT 1:00]
Spuštěný z: d:\steam\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt..txt
AV: avast! antivirus 4.7.942 [VPS 110222-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-22 do 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-22 18:31 . 2011-02-22 18:31 -------- d-----w- c:\program files\trend micro
2011-02-22 18:31 . 2011-02-22 18:31 -------- d-----w- C:\rsit
2011-02-22 15:57 . 2011-02-22 15:57 -------- d-----w- c:\documents and settings\Administrator
2011-02-22 15:49 . 2011-02-22 15:49 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-15 17:30 . 2011-02-15 17:30 -------- d-----w- c:\program files\Electronic Arts
2011-01-31 12:48 . 2007-03-01 01:54 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-01-26 15:36 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-26 15:36 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 12:37 . 2004-07-17 09:36 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-01-21 19:23 . 2011-01-18 20:29 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\deamon tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Michal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe [2010-4-27 83456]
SanDisk Media Manager.lnk - [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\TrackMania Sunrise\\TmSunrise.exe"=
"d:\\MU\\metin2client.bin"=
"d:\\MU\\metin2.bin"=
"d:\\CS 1.6\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Roller coaster tycoon\\rollerct\\RCT.EXE"=
"d:\\Roller coaster tycoon\\rct.exe"=
"d:\\command C\\RetailExe\\1.0\\cnc3game.dat"=
"d:\\OperationFlashpoint\\FlashpointResistance.exe"=
"d:\\Quake III\\quake3.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\CS 1.6\\hltv.exe"=
"d:\\Two Worlds\\TwoWorlds.exe"=
"d:\\Two Worlds\\TwoWorlds_RADEON.exe"=
"d:\\Lord of The ring\\game.dat"=
"d:\\command C\\RetailExe\\1.9\\cnc3game.dat"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [12.1.2011 18:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [12.1.2011 18:13 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.9.2010 11:42 691696]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [17.3.2010 15:12 670592]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\drivers\vwmfbus.sys [18.5.2010 10:24 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\drivers\vwmfdiag.sys [18.5.2010 10:24 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\drivers\vwmfmdfl.sys [18.5.2010 10:24 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\drivers\vwmfmdm.sys [18.5.2010 10:24 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\drivers\vwmfserd.sys [18.5.2010 10:24 100224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.3.2010 23:08 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Mac606;Mac606 Filter;c:\windows\system32\drivers\Mac606.sys [22.3.2010 10:47 19968]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D6C3703E-EF4B-4CB1-9D7F-B04FAB90397C} = 78.136.128.4 78.136.128.12
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\o760illy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=_RKNb1RJbyUwJRSGLyuU8g&psa=&ind=2010052806&ptnrS=GRfox000&si=&st=kwd&n=77cef8c6&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 20:32
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]
"Order"=hex:08,00,00,00,02,00,00,00,8a,02,00,00,01,00,00,00,04,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,c3,e1,fc,88,f4,d8,07,71,44,91,51,3b,da,18,05,90,a2,c1,42,f8,46,73,
7e,57,b1,85,67,f2,55,87,d8,53,b7,26,49,59,b5,fe,3d,f5,c8,da,d9,86,5d,ce,d8,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f9,b3,0c,23,10,99,72,2a,02,92,e3,34,f4,e6,76,8b,5f,f8,a8,80,67,
2d,26,85,2d,1f,fc,e6,b4,5e,69,d5,8a,99,4d,16,c3,69,d4,55,33,58,9e,45,e3,73,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
Celkový čas: 2011-02-22 20:33:35
ComboFix-quarantined-files.txt 2011-02-22 19:33
ComboFix2.txt 2011-02-22 19:16

Před spuštěním: Volných bajtů: 94 801 649 664
Po spuštění: Volných bajtů: 94 790 168 576

- - End Of File - - 4C60F6AB1D3F3FE89515D2C3D7928808

[vyosek]

Zdravim a pekny vecer preji

Omlouvam se kolegovi za vstup, pisi na zadost uzivatele pre PM

Jeste jeden skript pro CF - postup je stejny

Kód: Vybrat vše

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1060933

Firefox::
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\o760illy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=fir ... s:official
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsear ... searchfor=

RegLock::
[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]

Reboot::

[rydymr]

PC se restartovalo a vypsalo logy viz

ComboFix 11-02-21.02 - Michal 22.02.2011 21:03:39.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2015.1517 [GMT 1:00]
Spuštěný z: d:\steam\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal\Plocha\CFScript.txt..txt
AV: avast! antivirus 4.7.942 [VPS 110222-0] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2011-01-22 do 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-22 18:31 . 2011-02-22 18:31 -------- d-----w- c:\program files\trend micro
2011-02-22 18:31 . 2011-02-22 18:31 -------- d-----w- C:\rsit
2011-02-22 15:57 . 2011-02-22 15:57 -------- d-----w- c:\documents and settings\Administrator
2011-02-22 15:49 . 2011-02-22 15:49 388096 ----a-r- c:\documents and settings\Michal\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-15 17:30 . 2011-02-15 17:30 -------- d-----w- c:\program files\Electronic Arts
2011-01-31 12:48 . 2007-03-01 01:54 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2011-01-26 15:36 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-26 15:36 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 12:37 . 2004-07-17 09:36 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-01-21 19:23 . 2011-01-18 20:29 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
.

((((((((((((((((((((((((((((( SnapShot@2011-02-22_19.15.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-22 20:06 . 2011-02-22 20:06 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2011-02-22 20:06 . 2011-02-22 20:06 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Michal\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Corel MEDIA FOLDERS INDEXER 8.LNK - c:\corel\Graphics8\Programs\MFIndexer.exe [2010-4-27 83456]
SanDisk Media Manager.lnk - [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\TrackMania Sunrise\\TmSunrise.exe"=
"d:\\MU\\metin2client.bin"=
"d:\\MU\\metin2.bin"=
"d:\\CS 1.6\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Roller coaster tycoon\\rollerct\\RCT.EXE"=
"d:\\Roller coaster tycoon\\rct.exe"=
"d:\\command C\\RetailExe\\1.0\\cnc3game.dat"=
"d:\\OperationFlashpoint\\FlashpointResistance.exe"=
"d:\\Quake III\\quake3.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\CS 1.6\\hltv.exe"=
"d:\\Two Worlds\\TwoWorlds.exe"=
"d:\\Two Worlds\\TwoWorlds_RADEON.exe"=
"d:\\Lord of The ring\\game.dat"=
"d:\\command C\\RetailExe\\1.9\\cnc3game.dat"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [12.1.2011 18:13 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [12.1.2011 18:13 5248]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.9.2010 11:42 691696]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [17.3.2010 15:12 670592]
R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\drivers\vwmfbus.sys [18.5.2010 10:24 98560]
R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\drivers\vwmfdiag.sys [18.5.2010 10:24 100224]
R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\drivers\vwmfmdfl.sys [18.5.2010 10:24 14848]
R3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\drivers\vwmfmdm.sys [18.5.2010 10:24 123776]
R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\drivers\vwmfserd.sys [18.5.2010 10:24 100224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.3.2010 23:08 1691480]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 Mac606;Mac606 Filter;c:\windows\system32\drivers\Mac606.sys [22.3.2010 10:47 19968]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {D6C3703E-EF4B-4CB1-9D7F-B04FAB90397C} = 78.136.128.4 78.136.128.12
FF - ProfilePath - c:\documents and settings\Michal\Data aplikací\Mozilla\Firefox\Profiles\o760illy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 21:06
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\C*o*m*m*a*n*d* *a*n*d* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Podpora]
"Order"=hex:08,00,00,00,02,00,00,00,8a,02,00,00,01,00,00,00,04,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:64,c3,e1,fc,88,f4,d8,07,71,44,91,51,3b,da,18,05,90,a2,c1,42,f8,46,73,
7e,57,b1,85,67,f2,55,87,d8,53,b7,26,49,59,b5,fe,3d,f5,c8,da,d9,86,5d,ce,d8,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1292428093-1580436667-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f9,b3,0c,23,10,99,72,2a,02,92,e3,34,f4,e6,76,8b,5f,f8,a8,80,67,
2d,26,85,2d,1f,fc,e6,b4,5e,69,d5,8a,99,4d,16,c3,69,d4,55,33,58,9e,45,e3,73,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\SanDisk\SanDisk Media Manager\New Folder\SanDiskMediaManager-Launcher.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Vertex Wireless\VW100 Connection Manager\Connection Manager.exe
c:\program files\Alwil Software\Avast4\ashSimpl.exe
.
**************************************************************************
.
Celkový čas: 2011-02-22 21:10:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-22 20:10
ComboFix2.txt 2011-02-22 19:33
ComboFix3.txt 2011-02-22 19:16

Před spuštěním: Volných bajtů: 94 795 845 632
Po spuštění: Volných bajtů: 94 776 692 736

- - End Of File - - 3A566AAD202B82118B7CA1B4C98A1396

[vyosek]

Jak se chova PC

[rydymr]

zatim jsem nezkoušel jdu zkusit

[vyosek]

Fajn, pak napiste...

[rydymr]

zatim vše v pořádku děkuji všem za pomoc

[vyosek]

Jeste uklidime

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

A pokud nejsou problemy ci dotazy, je to z nasi strany vse

Jinak i za kolegu nemate zac, ja jen doladil drobnosti

[rydymr]

jenom se zeptám je nějáká prevence ? před napadnutím virem toho typu