avg mi nasiel trojan na speeder.dll

Zpráva

fabka · #1 Příspěvek od **fabka** » 29 črc 2010 19:19

Ahoj
AVG mi nasiel trojan horse na subore speeder.dll,mohli by ste mi s tym pomoct?

Logfile of random's system information tool 1.08 (written by random/random)
Run by PC at 2010-07-29 20:12:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 40 GB (40%) free of 100 GB
Total RAM: 3066 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:12:49, on 29. 7. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\PC\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\Desktop\RSIT.exe
C:\Program Files\trend micro\PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Freecause Shopping BHO - {998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D} - C:\Program Files\Digsby Donates\ShoppingBHO.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 6714 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{31E86FF0-1376-48D6-87A2-063227055CA1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-20 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
Digsby Donates - C:\Program Files\Digsby Donates\ShoppingBHO.dll [2010-06-27 638976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-16 2065760]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2009-09-13 103768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-13 6814240]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-02-13 1833504]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2008-04-14 536576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
D:\Games\KONAMI\PROEVO~1\GAMING~1.COM\SCOREB~1\Stardock\SCOREB~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-29 07:51:30 ----D---- C:\Program Files\trend micro
2010-07-29 07:51:29 ----D---- C:\rsit
2010-07-28 11:55:47 ----SHD---- C:\$RECYCLE.BIN
2010-07-28 11:55:41 ----A---- C:\ComboFix.txt
2010-07-28 11:46:05 ----D---- C:\ComboFix
2010-07-28 11:45:44 ----A---- C:\Windows\SWXCACLS.exe
2010-07-28 11:45:43 ----D---- C:\32788R22FWJFW
2010-07-28 11:15:48 ----A---- C:\Windows\zip.exe
2010-07-28 11:15:48 ----A---- C:\Windows\SWSC.exe
2010-07-28 11:15:48 ----A---- C:\Windows\SWREG.exe
2010-07-28 11:15:48 ----A---- C:\Windows\sed.exe
2010-07-28 11:15:48 ----A---- C:\Windows\PEV.exe
2010-07-28 11:15:48 ----A---- C:\Windows\NIRCMD.exe
2010-07-28 11:15:48 ----A---- C:\Windows\MBR.exe
2010-07-28 11:15:48 ----A---- C:\Windows\grep.exe
2010-07-28 11:15:39 ----D---- C:\Windows\ERDNT
2010-07-28 11:13:58 ----D---- C:\Qoobox
2010-07-28 07:23:15 ----D---- C:\Config.Msi
2010-07-16 13:35:12 ----A---- C:\Windows\system32\avgrsstx.dll
2010-07-13 21:43:52 ----D---- C:\ProgramData\WindowsSearch
2010-07-10 22:06:03 ----D---- C:\Program Files\Common Files\Mcafee
2010-07-10 22:05:59 ----D---- C:\Program Files\McAfee
2010-07-10 21:58:48 ----D---- C:\ProgramData\McAfee
2010-07-07 21:08:19 ----D---- C:\Program Files\Veetle
2010-07-06 20:16:57 ----D---- C:\Users\PC\AppData\Roaming\vlc
2010-07-06 09:01:55 ----A---- C:\Windows\system32\atsckernel.exe
2010-07-06 09:01:53 ----A---- C:\Windows\system32\atashost.exe
2010-07-06 09:00:28 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-06 08:59:49 ----D---- C:\ProgramData\Pure Networks
2010-07-06 08:58:17 ----D---- C:\Program Files\Linksys
2010-07-06 08:18:45 ----D---- C:\Program Files\Pure Networks
2010-07-06 08:18:29 ----D---- C:\ProgramData\webex
2010-07-05 17:04:44 ----D---- C:\Program Files\Windows Searchqu Toolbar
2010-07-05 17:04:40 ----D---- C:\Users\PC\AppData\Roaming\Bandoo
2010-07-05 17:04:13 ----D---- C:\ProgramData\Bandoo
2010-07-05 17:04:01 ----D---- C:\Program Files\Bandoo
2010-07-05 07:44:31 ----D---- C:\Users\PC\AppData\Roaming\vlc(53)

======List of files/folders modified in the last 1 months======

2010-07-29 20:12:41 ----D---- C:\Windows\Temp
2010-07-29 20:05:32 ----D---- C:\Windows\system32\drivers\Avg
2010-07-29 07:51:42 ----D---- C:\Windows\Prefetch
2010-07-29 07:51:30 ----RD---- C:\Program Files
2010-07-29 02:47:32 ----D---- C:\Users\PC\AppData\Roaming\Skype
2010-07-29 01:30:41 ----SHD---- C:\System Volume Information
2010-07-29 00:22:18 ----D---- C:\Users\PC\AppData\Roaming\skypePM
2010-07-28 11:54:12 ----D---- C:\Windows
2010-07-28 11:54:12 ----A---- C:\Windows\system.ini
2010-07-28 11:52:17 ----D---- C:\Windows\system32\drivers
2010-07-28 11:52:17 ----D---- C:\Windows\System32
2010-07-28 11:52:17 ----D---- C:\Windows\AppPatch
2010-07-28 11:52:17 ----D---- C:\Program Files\Common Files
2010-07-28 11:48:48 ----D---- C:\Windows\system32\WDI
2010-07-28 11:23:53 ----D---- C:\Windows\system32\drivers\etc
2010-07-28 07:23:59 ----SHD---- C:\Windows\Installer
2010-07-28 07:23:57 ----D---- C:\Windows\system32\catroot
2010-07-28 07:23:57 ----D---- C:\Windows\inf
2010-07-28 07:22:15 ----AD---- C:\ProgramData\TEMP
2010-07-25 22:43:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-25 19:25:26 ----D---- C:\Windows\system32\Msdtc
2010-07-25 19:25:23 ----D---- C:\Windows\system32\wbem
2010-07-25 19:24:45 ----D---- C:\Windows\system32\config
2010-07-25 19:24:36 ----D---- C:\Windows\Tasks
2010-07-25 19:24:36 ----D---- C:\Windows\system32\Tasks
2010-07-25 19:24:36 ----D---- C:\Windows\system32\spool
2010-07-25 19:24:36 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-25 19:24:35 ----D---- C:\Windows\system32\catroot2
2010-07-25 19:24:35 ----D---- C:\Windows\registration
2010-07-18 20:01:41 ----D---- C:\Users\PC\AppData\Roaming\dvdcss
2010-07-17 12:47:56 ----D---- C:\Windows\ModemLogs
2010-07-16 16:59:24 ----D---- C:\Program Files\Google
2010-07-15 07:34:47 ----D---- C:\Windows\Debug
2010-07-15 07:34:35 ----D---- C:\ProgramData\Microsoft Help
2010-07-14 16:29:54 ----SD---- C:\Users\PC\AppData\Roaming\Microsoft
2010-07-13 21:43:52 ----D---- C:\ProgramData
2010-07-06 08:46:12 ----D---- C:\Users\PC\AppData\Roaming\ICAClient
2010-07-06 08:25:51 ----SD---- C:\Windows\system32\Microsoft
2010-07-05 17:04:51 ----D---- C:\Users\PC\AppData\Roaming\Mozilla
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-06 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-01-10 5120]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-10-29 4934144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-13 2325728]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-11-11 154272]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2008-01-10 41984]
S3 ag83kde5;ag83kde5; C:\Windows\system32\drivers\ag83kde5.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 catchme;catchme; \??\C:\Users\PC\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\F:\Everest Ultimate Edition v.4.60.1500 (portable)\kerneld.wnt []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\Windows\system32\DRIVERS\k57xp32.sys [2008-09-03 186880]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-10-29 176128]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2009-03-06 20376]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-02 860160]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-02 466944]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-24 135664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
dakujem

#2 Příspěvek od **vyosek** » 29 črc 2010 19:25

Zdravim a pekny vecer preji

Hned na uvod maly velky vynadani

Spoustet RSIT az po logu z CF je fakt "uzasne super" napad...v RSITu neni nic videt, jelikoz CF stopy pomazal...navic po celem foru a kazdy druhy radce ma v podpisu napsano, ze CF se nema spoustet bez toho kdo mu rozumi nebot umi poslat system do kytek

Pokud mu rozumite tak se omlouvam, ale hned se tedy zeptam proc jste tady, kdyz CF pouzit umite tudiz snad i log z nej si vylustite

Nebo kdo Vam ten CF poradil

Omlouvam se ze jsem neprijemny, ale takovych radoby chytrolinu, co maji par postu na foru a hned pousti CF ze to nekde videli a pak RSIT, je tu posledni dobou vic nez dost

Takze sem mrsknete ten log z CF a podivame se co jste s nim provadel.
Dokazalo AVG s tim souborem neco udelat

Kde presne ho hlasil

fabka · #3 Příspěvek od **fabka** » 29 črc 2010 19:41

Zdravim

Na vasom fore som nasiel CF na subor speeder.dll,tak so to skusil. Ten trojan mi uz neukazovalo,ale po vypnuti a opatovnom zapnuti to zacalo robit zas. Robi mi to pri spustani hry PES 2010.

ComboFix 10-07-27.02 - PC . 07. 2010 11:47:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.2006 [GMT 2:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 09:54 . 2010-07-28 09:54 -------- d-----w- c:\users\PC\AppData\Local\temp
2010-07-28 09:54 . 2010-07-28 09:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-28 09:54 . 2010-07-28 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 09:45 . 2010-07-28 09:46 -------- d-----w- C:\32788R22FWJFW
2010-07-20 18:17 . 2010-07-20 18:17 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-20 18:17 . 2010-07-20 18:17 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-20 18:17 . 2010-07-20 18:17 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-20 18:17 . 2010-07-20 18:17 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-20 18:17 . 2010-07-20 18:17 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-16 11:36 . 2010-07-16 11:36 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 11:36 . 2010-07-16 11:36 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 11:35 . 2010-07-16 11:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 11:15 . 2010-07-16 11:15 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 11:15 . 2010-07-16 11:15 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 11:15 . 2010-07-16 11:15 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 11:15 . 2010-07-16 11:15 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-13 19:43 . 2010-07-13 19:43 -------- d-----w- c:\programdata\WindowsSearch
2010-07-10 20:06 . 2010-07-16 20:45 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-10 20:05 . 2010-07-16 20:45 -------- d-----w- c:\program files\McAfee
2010-07-10 19:58 . 2010-07-16 20:45 -------- d-----w- c:\programdata\McAfee
2010-07-07 19:08 . 2010-07-07 19:08 -------- d-----w- c:\program files\Veetle
2010-07-06 18:16 . 2010-07-25 17:24 -------- d-----w- c:\users\PC\AppData\Roaming\vlc
2010-07-06 07:01 . 2009-03-06 11:01 76184 ----a-w- c:\windows\system32\atsckernel.exe
2010-07-06 07:01 . 2009-03-06 10:59 20376 ----a-w- c:\windows\system32\atashost.exe
2010-07-06 07:00 . 2010-07-28 05:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-06 06:59 . 2010-07-28 05:23 -------- d-----w- c:\programdata\Pure Networks
2010-07-06 06:58 . 2010-07-21 15:35 -------- d-----w- c:\program files\Linksys
2010-07-06 06:18 . 2010-07-06 06:18 -------- d-----w- c:\program files\Pure Networks
2010-07-06 06:18 . 2010-07-06 07:01 -------- d-----w- c:\programdata\webex
2010-07-05 15:04 . 2010-07-05 15:04 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2010-07-05 15:04 . 2010-07-05 15:04 -------- d-----w- c:\users\PC\AppData\Roaming\Bandoo
2010-07-05 15:04 . 2010-07-05 15:04 -------- d-----w- c:\programdata\Bandoo
2010-07-05 15:04 . 2010-07-06 06:47 -------- d-----w- c:\program files\Bandoo
2010-07-05 05:44 . 2010-07-05 18:52 -------- d-----w- c:\users\PC\AppData\Roaming\vlc(53)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 09:46 . 2009-10-29 15:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 09:33 . 2010-05-01 12:01 0 ----a-w- c:\users\PC\AppData\Local\prvlcl.dat
2010-07-28 09:01 . 2009-10-29 21:52 131160 ----a-w- c:\users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 21:36 . 2009-10-30 19:38 -------- d-----w- c:\users\PC\AppData\Roaming\Skype
2010-07-27 17:29 . 2009-10-30 19:39 -------- d-----w- c:\users\PC\AppData\Roaming\skypePM
2010-07-18 18:01 . 2009-12-11 17:44 -------- d-----w- c:\users\PC\AppData\Roaming\dvdcss
2010-07-17 06:16 . 2010-07-06 07:01 8892928 ----a-w- c:\programdata\atscie.msi
2010-07-16 14:59 . 2010-05-24 05:25 -------- d-----w- c:\program files\Google
2010-07-16 11:35 . 2009-10-31 08:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 11:16 . 2009-10-31 08:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 05:34 . 2009-11-10 19:50 -------- d-----w- c:\programdata\Microsoft Help
2010-07-06 06:46 . 2009-12-11 17:03 -------- d-----w- c:\users\PC\AppData\Roaming\ICAClient
2010-06-28 05:18 . 2010-06-27 11:28 -------- d-----w- c:\programdata\Babylon
2010-06-28 05:13 . 2010-06-27 11:28 -------- d-----w- c:\users\PC\AppData\Roaming\Babylon
2010-06-27 12:12 . 2010-06-27 11:29 -------- d-----w- c:\users\PC\AppData\Roaming\Digsby
2010-06-27 12:12 . 2010-06-27 11:29 -------- d-----w- c:\programdata\Digsby
2010-06-27 11:56 . 2010-06-27 11:28 -------- d-----w- c:\program files\myBabylon_English
2010-06-27 11:28 . 2010-06-27 11:28 -------- d-----w- c:\program files\Conduit
2010-06-27 11:28 . 2010-06-27 11:28 -------- d-----w- c:\program files\Digsby Donates
2010-06-27 11:27 . 2010-06-27 11:27 -------- d-----w- c:\program files\Digsby
2010-06-19 15:50 . 2010-06-19 15:50 82726 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_853F67D554F05449430E7E.exe
2010-06-19 15:50 . 2010-06-19 15:50 82726 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_43EA64258A532C2A1F57BD.exe
2010-06-19 15:50 . 2010-06-19 15:50 -------- d-----w- c:\program files\PES 2010 Editor
2010-06-13 22:43 . 2010-06-13 22:43 -------- d-----w- c:\program files\Samsung
2010-06-07 08:46 . 2010-01-09 18:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 07:09 . 2009-10-31 08:08 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 12:48 . 2010-05-24 05:26 -------- d-----w- c:\users\PC\AppData\Roaming\DivX
2010-05-26 17:06 . 2010-06-10 11:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 11:08 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 05:26 . 2010-05-24 05:26 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-24 05:26 . 2010-05-24 05:26 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-24 05:26 . 2010-05-24 05:26 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-05-24 05:26 . 2010-05-24 05:26 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-24 05:26 . 2010-05-24 05:26 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-05-24 05:24 . 2010-05-24 05:24 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-24 05:24 . 2010-05-24 05:26 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-24 05:24 . 2010-05-24 05:26 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-05 17:55 . 2010-05-05 17:54 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-05-04 05:59 . 2010-06-10 11:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 11:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 11:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 11:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 11:08 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-09-12 22:05 . 2009-09-12 22:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 22:06 . 2009-09-12 22:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 22:06 . 2009-09-12 22:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 22:06 . 2009-09-12 22:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 22:06 . 2009-09-12 22:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 22:07 . 2009-09-12 22:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 22:06 . 2009-09-12 22:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 22:06 . 2009-09-12 22:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 12:33 . 2009-08-14 12:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 22:06 . 2009-09-12 22:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-28_09.23.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-07-28 09:48 55852 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-07-28 09:48 97946 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-29 21:53 . 2010-07-28 09:48 13122 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1856907272-2651160933-2048434053-1000_UserData.bin
+ 2009-11-26 15:30 . 2010-07-28 09:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 15:30 . 2010-07-28 09:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 15:30 . 2010-07-28 09:49 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 15:30 . 2010-07-28 09:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 15:30 . 2010-07-28 09:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 15:30 . 2010-07-28 09:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-28 09:15 . 2010-07-28 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-28 09:47 . 2010-07-28 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-28 09:47 . 2010-07-28 09:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-28 09:15 . 2010-07-28 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
2010-06-27 11:28 638976 ----a-w- c:\program files\Digsby Donates\ShoppingBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-13 1833504]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c1,a1,fd,59,bb,67,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1856907272-2651160933-2048434053-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 135664]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\everest ultimate edition v.4.60.1500 (portable)\kerneld.wnt [x]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\DRIVERS\k57xp32.sys [2008-09-03 186880]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-06 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-29 176128]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-10 5120]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 05:25]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 05:25]

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{31E86FF0-1376-48D6-87A2-063227055CA1}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 11:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\f:\everest ultimate edition v.4.60.1500 (portable)\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-28 11:55:41
ComboFix-quarantined-files.txt 2010-07-28 09:55
ComboFix2.txt 2010-07-28 09:25

Pre-Run: 42 941 145 088 bytes free
Post-Run: 42 896 822 272 bytes free

- - End Of File - - 29AC5F25151A86D3F4C05009EA2F74BA

A ospravedlnujem sa vam

#4 Příspěvek od **vyosek** » 29 črc 2010 19:48

Odstranovani haveti nejde delat stylem pokus-omyl

Navic kazde PC je unikat a skripty pro nej jsou jedinecne

Navic CF je treba aplikovat s vypnutym rez.stitem jelikoz mu brani v mazani...

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
speeder.dll
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

A jeste sem vlozte ten druhy log z CF, jmenuje se Combofix2.txt

fabka · #5 Příspěvek od **fabka** » 29 črc 2010 20:01

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:57 on 29/07/2010 by PC (Administrator - Elevation successful)

========== filefind ==========

Searching for "speeder.dll"
No files found.

-=End Of File=-

ComboFix 10-07-27.02 - PC . 07. 2010 11:18:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3066.1958 [GMT 2:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZsetp.dll
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\users\PC\AppData\Roaming\Desktopicon

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 09:23 . 2010-07-28 09:23 -------- d-----w- c:\users\PC\AppData\Local\temp
2010-07-28 09:23 . 2010-07-28 09:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 09:13 . 2010-07-28 09:14 -------- d-----w- C:\32788R22FWJFW
2010-07-20 18:17 . 2010-07-20 18:17 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-20 18:17 . 2010-07-20 18:17 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-20 18:17 . 2010-07-20 18:17 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-20 18:17 . 2010-07-20 18:17 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-20 18:17 . 2010-07-20 18:17 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-16 11:36 . 2010-07-16 11:36 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 11:36 . 2010-07-16 11:36 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 11:35 . 2010-07-16 11:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 11:15 . 2010-07-16 11:15 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 11:15 . 2010-07-16 11:15 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 11:15 . 2010-07-16 11:15 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 11:15 . 2010-07-16 11:15 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-13 19:43 . 2010-07-13 19:43 -------- d-----w- c:\programdata\WindowsSearch
2010-07-10 20:06 . 2010-07-16 20:45 -------- d-----w- c:\program files\Common Files\Mcafee
2010-07-10 20:05 . 2010-07-16 20:45 -------- d-----w- c:\program files\McAfee
2010-07-10 19:58 . 2010-07-16 20:45 -------- d-----w- c:\programdata\McAfee
2010-07-07 19:08 . 2010-07-07 19:08 -------- d-----w- c:\program files\Veetle
2010-07-06 18:16 . 2010-07-25 17:24 -------- d-----w- c:\users\PC\AppData\Roaming\vlc
2010-07-06 07:01 . 2009-03-06 11:01 76184 ----a-w- c:\windows\system32\atsckernel.exe
2010-07-06 07:01 . 2009-03-06 10:59 20376 ----a-w- c:\windows\system32\atashost.exe
2010-07-06 07:00 . 2010-07-28 05:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-06 06:59 . 2010-07-28 05:23 -------- d-----w- c:\programdata\Pure Networks
2010-07-06 06:58 . 2010-07-21 15:35 -------- d-----w- c:\program files\Linksys
2010-07-06 06:18 . 2010-07-06 06:18 -------- d-----w- c:\program files\Pure Networks
2010-07-06 06:18 . 2010-07-06 07:01 -------- d-----w- c:\programdata\webex
2010-07-05 15:04 . 2010-07-05 15:04 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2010-07-05 15:04 . 2010-07-05 15:04 -------- d-----w- c:\users\PC\AppData\Roaming\Bandoo
2010-07-05 15:04 . 2010-07-05 15:04 -------- d-----w- c:\programdata\Bandoo
2010-07-05 15:04 . 2010-07-06 06:47 -------- d-----w- c:\program files\Bandoo
2010-07-05 05:44 . 2010-07-05 18:52 -------- d-----w- c:\users\PC\AppData\Roaming\vlc(53)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 09:14 . 2009-10-29 15:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 09:01 . 2009-10-29 21:52 131160 ----a-w- c:\users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 05:33 . 2010-05-01 12:01 0 ----a-w- c:\users\PC\AppData\Local\prvlcl.dat
2010-07-27 21:36 . 2009-10-30 19:38 -------- d-----w- c:\users\PC\AppData\Roaming\Skype
2010-07-27 17:29 . 2009-10-30 19:39 -------- d-----w- c:\users\PC\AppData\Roaming\skypePM
2010-07-18 18:01 . 2009-12-11 17:44 -------- d-----w- c:\users\PC\AppData\Roaming\dvdcss
2010-07-17 06:16 . 2010-07-06 07:01 8892928 ----a-w- c:\programdata\atscie.msi
2010-07-16 14:59 . 2010-05-24 05:25 -------- d-----w- c:\program files\Google
2010-07-16 11:35 . 2009-10-31 08:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 11:16 . 2009-10-31 08:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 05:34 . 2009-11-10 19:50 -------- d-----w- c:\programdata\Microsoft Help
2010-07-06 06:46 . 2009-12-11 17:03 -------- d-----w- c:\users\PC\AppData\Roaming\ICAClient
2010-06-28 05:18 . 2010-06-27 11:28 -------- d-----w- c:\programdata\Babylon
2010-06-28 05:13 . 2010-06-27 11:28 -------- d-----w- c:\users\PC\AppData\Roaming\Babylon
2010-06-27 12:12 . 2010-06-27 11:29 -------- d-----w- c:\users\PC\AppData\Roaming\Digsby
2010-06-27 12:12 . 2010-06-27 11:29 -------- d-----w- c:\programdata\Digsby
2010-06-27 11:56 . 2010-06-27 11:28 -------- d-----w- c:\program files\myBabylon_English
2010-06-27 11:28 . 2010-06-27 11:28 -------- d-----w- c:\program files\Conduit
2010-06-27 11:28 . 2010-06-27 11:28 -------- d-----w- c:\program files\Digsby Donates
2010-06-27 11:27 . 2010-06-27 11:27 -------- d-----w- c:\program files\Digsby
2010-06-19 15:50 . 2010-06-19 15:50 82726 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_853F67D554F05449430E7E.exe
2010-06-19 15:50 . 2010-06-19 15:50 82726 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_43EA64258A532C2A1F57BD.exe
2010-06-19 15:50 . 2010-06-19 15:50 -------- d-----w- c:\program files\PES 2010 Editor
2010-06-13 22:43 . 2010-06-13 22:43 -------- d-----w- c:\program files\Samsung
2010-06-07 08:46 . 2010-01-09 18:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 07:09 . 2009-10-31 08:08 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 12:48 . 2010-05-24 05:26 -------- d-----w- c:\users\PC\AppData\Roaming\DivX
2010-05-26 17:06 . 2010-06-10 11:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 11:08 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 05:26 . 2010-05-24 05:26 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-24 05:26 . 2010-05-24 05:26 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-24 05:26 . 2010-05-24 05:26 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-05-24 05:26 . 2010-05-24 05:26 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-24 05:26 . 2010-05-24 05:26 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-05-24 05:24 . 2010-05-24 05:24 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-24 05:24 . 2010-05-24 05:26 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-24 05:24 . 2010-05-24 05:26 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-05 17:55 . 2010-05-05 17:54 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-05-04 05:59 . 2010-06-10 11:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 11:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 11:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 11:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 11:08 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-09-12 22:05 . 2009-09-12 22:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 22:06 . 2009-09-12 22:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 22:06 . 2009-09-12 22:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 22:06 . 2009-09-12 22:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 22:06 . 2009-09-12 22:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 22:07 . 2009-09-12 22:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 22:06 . 2009-09-12 22:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 22:06 . 2009-09-12 22:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 12:33 . 2009-08-14 12:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 22:06 . 2009-09-12 22:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{998A3C0C-8914-4D2A-AE36-BFA2E5AE6D5D}]
2010-06-27 11:28 638976 ----a-w- c:\program files\Digsby Donates\ShoppingBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-13 6814240]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-13 1833504]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c1,a1,fd,59,bb,67,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1856907272-2651160933-2048434053-1000]
"EnableNotificationsRef"=dword:00000002

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 135664]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\everest ultimate edition v.4.60.1500 (portable)\kerneld.wnt [x]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\DRIVERS\k57xp32.sys [2008-09-03 186880]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-06 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-29 176128]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-10 5120]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 05:25]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 05:25]

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{31E86FF0-1376-48D6-87A2-063227055CA1}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\wo0sk4rw.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\f:\everest ultimate edition v.4.60.1500 (portable)\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-28 11:25:30
ComboFix-quarantined-files.txt 2010-07-28 09:25

Pre-Run: 40 049 184 768 bytes free
Post-Run: 42 762 252 288 bytes free

- - End Of File - - DF1DA35D6A02CB5987AD0E074FD1D6ED

#6 Příspěvek od **vyosek** » 29 črc 2010 20:03

AVG ten speeder.dll zrejme smazal, na disku jiz neni...

fabka · #7 Příspěvek od **fabka** » 29 črc 2010 20:11

Asi ano lebo uz mi to slo v pohode

Velmi pekne vam dakujem

#8 Příspěvek od **vyosek** » 29 črc 2010 20:14

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

VIRY.CZ

avg mi nasiel trojan na speeder.dll

avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll

Re: avg mi nasiel trojan na speeder.dll