Virus - speeder.dll

Posted: 27 Jul 2010 13:18
by Johny95
Hello, yesterday AVG detected a trojan in the file speeder.dll (Trojan horse PSW.Agent.AHMZ). I won't list everything; I took a screenshot from AVG. It keeps finding something new.. :(
http://img441.imageshack.us/img441/7453/viry.png

Thank you very much for your help.

EDIT: I'll also add a screenshot from Task Manager to the post.. is it normal that svchost is listed there so many times?
http://img85.imageshack.us/img85/7914/sprvceloh.png

Re: Virus - speeder.dll

Posted: 27 Jul 2010 14:21
by Rudy

Re: Virus - speeder.dll

Posted: 27 Jul 2010 18:36
by Johny95
Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlastnik at 2010-07-27 19:35:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (25%) free of 238 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:35:41, on 27.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vlastnik\Plocha\RSIT.exe
C:\Program Files\trend micro\Vlastnik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:jindriska.polakova.rande@centrum.cz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF27422.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HotkeyP] C:\Documents and Settings\Vlastnik\Plocha\Setupy\hotkeyp\HotkeyP.exe 0
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 8401 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-963894560-839522115-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-963894560-839522115-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-09 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-17 2065760]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"combofix"=C:\ComboFix\CF27422.cfxxe /c C:\ComboFix\C.bat []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-09 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"HotkeyP"=C:\Documents and Settings\Vlastnik\Plocha\Setupy\hotkeyp\HotkeyP.exe 0 []
"Steam"=C:\Program Files\Steam\Steam.exe [2010-07-22 1238352]

C:\Documents and Settings\Vlastnik\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-17 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"C:\SIERRA\RedBaron3D\Baronmmp.exe"="C:\SIERRA\RedBaron3D\Baronmmp.exe:*:Enabled:Red Baron II Multiplayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\redshark\redshark.exe"="C:\Program Files\redshark\redshark.exe:*:Enabled:3.40"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\EA Sports\NHL08\nhl2008pal.exe"="C:\Program Files\EA Sports\NHL08\nhl2008pal.exe:*:Enabled:nhl2008pal"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Documents and Settings\Vlastnik\Plocha\Hry\bulanci.exe"="C:\Documents and Settings\Vlastnik\Plocha\Hry\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\EA Games\MOHAADemo\MOHAADemo.exe"="C:\Program Files\EA Games\MOHAADemo\MOHAADemo.exe:*:Enabled:Medal of Honor PC"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Comodo\Dragon\dragon.exe"="C:\Program Files\Comodo\Dragon\dragon.exe:*:Enabled:Dragon"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\EA Sports\FIFA Online\NFE.exe"="C:\Program Files\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online"
"C:\Documents and Settings\Vlastnik\Plocha\Grafika\KS9.2.0.5\Kitserver2010\pes2010.exe"="C:\Documents and Settings\Vlastnik\Plocha\Grafika\KS9.2.0.5\Kitserver2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\EA Sports\NHL 09\nhl2009.exe"="C:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Documents and Settings\Vlastnik\Plocha\Hry\FIFA09\FIFA 09\FIFA 09\FIFA09.exe"="C:\Documents and Settings\Vlastnik\Plocha\Hry\FIFA09\FIFA 09\FIFA 09\FIFA09.exe:*:Enabled:FIFA09"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bywifi\bywifi.exe"="C:\Program Files\Bywifi\bywifi.exe:*:Enabled:Bywifi: Video Streaming Accelerator"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat"="C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"
"C:\Program Files\Lead and Gold\lag_win32_public_dev.exe"="C:\Program Files\Lead and Gold\lag_win32_public_dev.exe:*:Enabled:Engine"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction"
"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction Update"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\GamingAccess.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\GamingAccess.exe:*:Enabled:Pro Evolution Soccer 2010"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -

======List of files/folders created in the last 1 months======

2010-07-26 08:19:48 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\AVG9
2010-07-25 14:05:33 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\Stardock
2010-07-23 18:31:28 ----D---- C:\WINDOWS\system32\AGEIA
2010-07-23 18:31:27 ----D---- C:\Program Files\AGEIA Technologies
2010-07-23 15:21:09 ----D---- C:\Program Files\Phenomedia AG
2010-07-23 15:21:04 ----A---- C:\WINDOWS\IsUn0407.exe
2010-07-22 14:04:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\LAG
2010-07-22 13:21:06 ----D---- C:\Program Files\Steam
2010-07-22 11:58:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2010-07-22 11:32:28 ----D---- C:\Program Files\Ubisoft
2010-07-20 23:41:00 ----D---- C:\Program Files\Lead and Gold
2010-07-19 23:39:27 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\Prison Break
2010-07-19 23:27:21 ----D---- C:\Program Files\Deep Silver-PB
2010-07-19 21:02:44 ----D---- C:\Program Files\uTorrent
2010-07-19 21:01:07 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\uTorrent
2010-07-17 10:56:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-07-16 14:10:59 ----D---- C:\BywifiShare
2010-07-16 14:10:59 ----D---- C:\BywifiSave
2010-07-16 14:10:16 ----D---- C:\Program Files\Bywifi
2010-07-14 05:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 02:03:10 ----D---- C:\Program Files\Gravity
2010-07-11 12:52:54 ----D---- C:\Program Files\PES 2010 Editor
2010-07-11 11:55:21 ----A---- C:\WINDOWS\system32\NMSDVDXU.dll
2010-07-11 11:55:06 ----D---- C:\Program Files\LG PC Suite II
2010-07-11 11:53:51 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\InstallShield

======List of files/folders modified in the last 1 months======

2010-07-27 19:35:34 ----D---- C:\WINDOWS\Prefetch
2010-07-27 19:35:33 ----D---- C:\Program Files\trend micro
2010-07-27 19:20:49 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-27 19:19:22 ----SD---- C:\WINDOWS\Tasks
2010-07-27 18:34:27 ----D---- C:\WINDOWS\Temp
2010-07-27 18:22:27 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-07-27 17:06:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-27 17:06:35 ----HD---- C:\WINDOWS\inf
2010-07-27 11:07:12 ----D---- C:\WINDOWS
2010-07-27 01:57:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-27 01:56:57 ----D---- C:\Program Files\Mozilla Firefox
2010-07-26 18:30:23 ----D---- C:\Program Files\EA Sports
2010-07-26 18:30:01 ----D---- C:\WINDOWS\system32\DirectX
2010-07-23 22:48:46 ----SHD---- C:\WINDOWS\Installer
2010-07-23 22:48:46 ----D---- C:\WINDOWS\WinSxS
2010-07-23 18:32:09 ----D---- C:\Program Files\Electronic Arts
2010-07-23 18:31:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-23 18:31:28 ----D---- C:\WINDOWS\system32
2010-07-23 18:31:27 ----D---- C:\Program Files
2010-07-23 18:30:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-23 18:25:44 ----D---- C:\Program Files\WYSIWYG Web Builder 6
2010-07-23 18:23:40 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-23 10:23:02 ----RSD---- C:\WINDOWS\assembly
2010-07-19 23:38:17 ----HD---- C:\WINDOWS\msdownld.tmp
2010-07-19 19:42:49 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-07-19 02:43:42 ----A---- C:\WINDOWS\win.ini
2010-07-17 10:56:46 ----D---- C:\WINDOWS\system32\drivers
2010-07-16 13:54:58 ----D---- C:\Downloads
2010-07-15 22:38:55 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\Hamachi
2010-07-15 04:22:03 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\Skype
2010-07-15 00:25:20 ----D---- C:\Documents and Settings\Vlastnik\Data aplikací\skypePM
2010-07-14 15:58:16 ----D---- C:\Program Files\KONAMI
2010-07-14 05:20:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 05:20:47 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 10:31:29 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-07-13 10:31:17 ----D---- C:\Program Files\DVDVideoSoft
2010-07-11 17:27:40 ----D---- C:\Program Files\City Interactive
2010-07-11 17:27:25 ----D---- C:\Program Files\Game Graphic Studio
2010-07-11 12:52:55 ----SD---- C:\Documents and Settings\Vlastnik\Data aplikací\Microsoft
2010-07-11 11:58:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-01 08:27:53 ----D---- C:\Program Files\World War II GI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-10-29 21120]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-25 721904]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-17 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-17 243024]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-06-25 25280]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S3 ae1moalk;ae1moalk; C:\WINDOWS\system32\drivers\ae1moalk.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Vlastnik\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-09-04 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-09-04 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-09-04 24832]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PunkBuster; C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Virus - speeder.dll

Posted: 27 Jul 2010 19:24
by Rudy
Run a ComboFix scan and post the log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup a screen with the license terms is displayed; continue by clicking the Yes ("Ano") button.

Feel free to put the kettle on for a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: Virus - speeder.dll

Posted: 27 Jul 2010 22:50
by Johny95
ComboFix 10-07-26.04 - Vlastnik 27.07.2010 22:33:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1604 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastnik\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vlastnik\aptmp.exe
C:\Install.exe
c:\windows\system32\1029\dwintl.dll
c:\windows\system32\1029 . . . . nemohl být smazán

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-27 do 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-25 12:05 . 2010-07-25 12:05 -------- d-----w- c:\documents and settings\Vlastnik\Roaming
2010-07-25 12:05 . 2010-07-25 12:05 -------- d-----w- c:\documents and settings\Vlastnik\Local
2010-07-23 16:31 . 2010-07-23 16:31 -------- d-----w- c:\windows\system32\AGEIA
2010-07-23 16:31 . 2010-07-23 16:31 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-23 13:21 . 2010-07-23 13:21 -------- d-----w- c:\program files\Phenomedia AG
2010-07-23 13:21 . 1998-11-17 11:44 328704 ----a-w- c:\windows\IsUn0407.exe
2010-07-22 11:21 . 2010-07-27 20:42 -------- d-----w- c:\program files\Steam
2010-07-22 09:32 . 2010-07-22 09:50 -------- d-----w- c:\program files\Ubisoft
2010-07-20 21:41 . 2010-07-23 16:25 -------- d-----w- c:\program files\Lead and Gold
2010-07-19 21:27 . 2010-07-19 21:27 -------- d-----w- c:\program files\Deep Silver-PB
2010-07-19 19:02 . 2010-07-19 19:02 -------- d-----w- c:\program files\uTorrent
2010-07-17 08:56 . 2010-07-17 08:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:10 . 2010-07-16 12:10 -------- d-----w- C:\BywifiShare
2010-07-16 12:10 . 2010-07-16 12:10 -------- d-----w- C:\BywifiSave
2010-07-16 12:10 . 2010-07-16 12:11 -------- d-----w- c:\program files\Bywifi
2010-07-14 02:55 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 00:03 . 2010-07-14 00:03 -------- d-----w- c:\program files\Gravity
2010-07-11 10:52 . 2010-07-11 10:54 -------- d-----w- c:\program files\PES 2010 Editor
2010-07-11 09:55 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-07-11 09:55 . 2010-07-16 20:13 -------- d-----w- c:\program files\LG PC Suite II

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 17:35 . 2009-12-24 12:26 -------- d-----w- c:\program files\trend micro
2010-07-26 16:30 . 2009-09-28 10:21 -------- d-----w- c:\program files\EA Sports
2010-07-23 16:32 . 2010-05-10 17:24 -------- d-----w- c:\program files\Electronic Arts
2010-07-23 16:30 . 2009-09-25 20:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-23 16:25 . 2009-10-17 08:38 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2010-07-23 16:23 . 2009-09-17 11:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 17:42 . 2009-10-10 13:33 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-17 08:56 . 2009-09-18 13:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-17 08:55 . 2009-09-18 13:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 13:58 . 2009-09-19 08:32 -------- d-----w- c:\program files\KONAMI
2010-07-13 08:31 . 2009-09-18 17:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-13 08:31 . 2009-09-18 17:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-11 15:27 . 2009-10-28 17:15 -------- d-----w- c:\program files\City Interactive
2010-07-11 15:27 . 2009-09-24 18:38 -------- d-----w- c:\program files\Game Graphic Studio
2010-07-01 06:27 . 2010-06-27 09:24 -------- d-----w- c:\program files\World War II GI
2010-06-27 12:40 . 2010-06-27 12:40 -------- d-----w- c:\program files\Fifa Master
2010-06-25 16:21 . 2010-06-25 16:21 -------- d-----w- c:\program files\Hamachi
2010-06-25 16:21 . 2009-11-20 19:04 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-25 14:51 . 2009-10-10 08:02 -------- d-----w- c:\program files\Call of Duty
2010-06-25 14:03 . 2009-09-19 12:27 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-25 14:03 . 2009-09-19 12:26 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-23 20:43 . 2004-08-18 12:00 82372 ----a-w- c:\windows\system32\perfc005.dat
2010-06-23 20:43 . 2004-08-18 12:00 437558 ----a-w- c:\windows\system32\perfh005.dat
2010-06-17 16:42 . 2010-06-17 16:42 -------- d-----w- c:\program files\Common Files\Skype
2010-06-14 14:31 . 2009-09-16 15:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 14:41 . 2010-06-06 15:00 -------- d-----w- c:\program files\Bolzplatz 2006
2010-06-13 14:40 . 2010-03-28 16:09 -------- d-----w- c:\program files\Eidos
2010-06-11 19:32 . 2010-06-11 19:32 64 ----a-w- c:\windows\GPlrLanc.dat
2010-06-11 18:04 . 2010-06-11 17:54 -------- d-----w- c:\program files\Games
2010-06-11 17:16 . 2010-06-11 17:16 -------- d-----w- c:\program files\FIFA Tools
2010-06-05 07:13 . 2009-11-24 19:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 13:29 . 2009-09-18 13:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-06-27 10:57 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-27 10:57 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-27 10:57 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-31 18:11 . 2010-05-31 18:11 -------- d-----w- c:\program files\ElcomSoft
2010-05-29 10:13 . 2010-05-29 10:10 -------- d-----w- c:\program files\Valve
2010-05-26 09:41 . 2010-06-27 10:57 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-27 10:57 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-27 10:57 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-27 10:57 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-27 10:57 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-13 16:00 . 2009-09-19 12:26 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-13 16:00 . 2009-09-19 12:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-06 10:35 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2004-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2005-03-31 20:17 . 2009-09-17 12:34 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Steam"="c:\program files\Steam\Steam.exe" [2010-07-22 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-09 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vlastnik\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-2-21 3444008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 08:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\SIERRA\\RedBaron3D\\Baronmmp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Comodo\\Dragon\\dragon.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Documents and Settings\\Vlastnik\\Plocha\\Grafika\\KS9.2.0.5\\Kitserver2010\\pes2010.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Documents and Settings\\Vlastnik\\Plocha\\Hry\\FIFA09\\FIFA 09\\FIFA 09\\FIFA09.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bywifi\\bywifi.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\GamingAccess.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18775:TCP"= 18775:TCP:BitComet 18775 TCP
"18775:UDP"= 18775:UDP:BitComet 18775 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18.9.2009 15:17 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18.9.2009 15:17 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17.7.2010 10:55 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17.7.2010 10:56 308136]
S3 cpuz130;cpuz130;\??\c:\docume~1\Vlastnik\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Vlastnik\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 0:06 721904]
.
Obsah adresáře 'Naplánované úlohy'

2009-09-27 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-09-27 11:35]

2010-07-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-963894560-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-963894560-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //mailurl:mailto:jindriska.polakova.rande@centrum.cz
uInternet Settings,ProxyOverride = local
FF - ProfilePath - c:\documents and settings\Vlastnik\Data aplikací\Mozilla\Firefox\Profiles\jtpb2ci9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\docume~1\Vlastnik\DATAAP~1\POWERC~1\nppowerloader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-HotkeyP - c:\documents and settings\Vlastnik\Plocha\Setupy\hotkeyp\HotkeyP.exe
AddRemove-VP2DemoDeinstKey - c:\program files\VR Sports\VP2Demo\DeIsL1.isu
AddRemove-UnityWebPlayer - c:\documents and settings\Vlastnik\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 22:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1390067357-963894560-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:86,b3,c2,3b,cb,f9,7b,5e,46,aa,0b,0c,57,e3,1d,ba,01,a9,f2,89,17,5f,ad,
27,51,08,23,be,74,69,03,19,62,e7,d9,cd,28,19,21,07,7a,54,a7,59,05,7d,9a,19,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

[HKEY_USERS\S-1-5-21-1390067357-963894560-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:c5,e9,3d,5d,f3,5d,99,75,1d,72,d8,4e,00,b0,77,f3,1b,d7,3f,2a,fc,
2d,b9,e3,8b,cb,8a,f9,fd,6a,66,44,39,a5,40,35,2d,57,02,b9,5d,64,dc,a2,4a,94,\
"rkeysecu"=hex:27,55,fe,5b,69,3c,7c,82,53,a6,08,c0,33,75,8a,ab
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3664)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-07-27 22:54:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-27 20:54
ComboFix2.txt 2009-12-25 10:16

Před spuštěním: Volných bajtů: 64 252 481 536
Po spuštění: Volných bajtů: 66 432 724 992

- - End Of File - - AB7C36171E4BB05373771F087B9409C1

Re: Virus - speeder.dll

Posted: 28 Jul 2010 07:28
by Rudy
4 (other) infected items were deleted. Where is the file speeder.dll located? I don't see it in the CF log either.

Re: Virus - speeder.dll

Posted: 28 Jul 2010 09:27
by Johny95
It looks like AVG removed it; in any case, thanks. :)

However, I would still like to ask: is it normal that there are so many svchost processes in Task Manager?
I am attaching a screenshot

http://img230.imageshack.us/img230/3861 ... vchost.png

Re: Virus - speeder.dll

Posted: 28 Jul 2010 09:46
by Rudy
Svchost.exe manages network services and must be running as many times as there are services running. In other words: it is completely normal for Svchost to be running multiple times. This of course applies to the Svchost that starts from system32. If it were anywhere else, it is a virus!!
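
Added example, not part of the original post: the location check described in the reply above, applied to a process list in the format of the logs in this thread. The function name, its parameters and the sample paths are assumptions made for illustration; the check looks only at where the image is located.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample in the style of the "Running processes" list posted in
# this thread; the last three paths are made up for illustration.
SAMPLE_PROCESSES = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\Vlastnik\Local Settings\Temp\SVCHOST.EXE
C:\WINDOWS\system32\..\svchost.exe
"""


def normalize(path):
    """Lower-case the path, unify separators and resolve '.' and '..' parts."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def check_image_location(listing, image="svchost.exe",
                         windir=r"C:\WINDOWS", extra_dirs=()):
    """Split instances of `image` into expected and misplaced ones.

    An instance is expected only when its directory is <windir>\\system32
    or one of extra_dirs (a 64-bit Windows also ships a copy in SysWOW64,
    which the caller can pass in). Other images are ignored.
    """
    allowed = {normalize(ntpath.join(windir, "system32"))}
    allowed.update(normalize(d) for d in extra_dirs)

    expected, misplaced = 0, []
    for line in listing.splitlines():
        if not line.strip():
            continue
        path = normalize(line)
        if ntpath.basename(path) != image.lower():
            continue
        if ntpath.dirname(path) in allowed:
            expected += 1
        else:
            misplaced.append(line.strip())  # report the path as it was logged
    return {"expected": expected, "misplaced": misplaced}


if __name__ == "__main__":
    result = check_image_location(SAMPLE_PROCESSES)
    print("svchost.exe instances in system32:", result["expected"])
    for path in result["misplaced"]:
        print("svchost.exe outside system32:", path)
```
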

Re: Virus - speeder.dll

Posted: 28 Jul 2010 09:48
by Johny95
Okay, thank you very much. :)

Re: Virus - speeder.dll

Posted: 28 Jul 2010 09:51
by Rudy
You're welcome!