
PC check

Posted: 11 Oct 2010 18:08
by marx
Hello,
after logging in, the PC stops responding after about 10 seconds (no mouse, no keyboard, nothing...). It happens only with administrator accounts; the account with limited privileges works normally. I have no idea what to do about it.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2010-10-11 18:35:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 181 GB (38%) free of 477 GB
Total RAM: 2046 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:04, on 11.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\dwqda\Local Settings\Temporary Internet Files\Content.IE5\ANSDEHEH\RSIT[2].exe
C:\Program Files\trend micro\Marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.atlas.cz/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldonline.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.worldonline.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Microsoft Internet Explorer: World Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1214440339-1682526488-682003330-1010\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'dwqda')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldonline.cz
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DB1735-54C7-480F-ADD7-6442EE61E5E2}: NameServer = 84.21.122.1,84.16.96.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05DB1735-54C7-480F-ADD7-6442EE61E5E2}: NameServer = 84.21.122.1,84.16.96.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{05DB1735-54C7-480F-ADD7-6442EE61E5E2}: NameServer = 84.21.122.1,84.16.96.2
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe

--
End of file - 7802 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-09-16 2890592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFree.dll [2009-05-20 2085400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-08-27 2565448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFree.dll [2009-05-20 2085400]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2010-08-27 2565448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GEST"=C:\Program Files\GIGABYTE\GEST\RUN.exe [2007-12-14 236040]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\windows\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-12-04 665424]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-07-25 155648]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2008-06-24 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\InterVideo\DVD5\WinDVD.exe"="C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"
"C:\Documents and Settings\uzivatel\Plocha\PES2008.exe"="C:\Documents and Settings\uzivatel\Plocha\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Documents and Settings\uzivatel\Plocha\HRY\PES2008.exe"="C:\Documents and Settings\uzivatel\Plocha\HRY\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Counter-Strike Source\hl2.exe"="C:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Documents and Settings\uzivatel\Plocha\HRY\NHL 09\nhl2009.exe"="C:\Documents and Settings\uzivatel\Plocha\HRY\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe"="C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe"="C:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2 Dedicated Server"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-11 18:31:18 ----D---- C:\Program Files\trend micro
2010-10-11 18:31:17 ----D---- C:\rsit
2010-10-11 15:17:37 ----D---- C:\windows\WBEM
2010-10-11 15:16:47 ----HDC---- C:\windows\ie8
2010-10-11 15:10:05 ----A---- C:\windows\ntbtlog.txt
2010-10-10 17:21:13 ----HD---- C:\$AVG
2010-10-09 15:50:55 ----A---- C:\windows\SchedLgU.Txt
2010-10-09 14:10:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-10-09 14:10:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-09 13:43:43 ----D---- C:\windows\system32\NtmsData
2010-10-08 22:57:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-10-08 22:11:21 ----D---- C:\Documents and Settings\Marek\Data aplikací\AVG10
2010-10-08 21:25:15 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2010-10-08 21:21:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-10-08 21:20:48 ----D---- C:\windows\system32\drivers\AVG
2010-10-08 21:20:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2010-10-08 21:20:37 ----D---- C:\Program Files\AVG
2010-10-08 21:10:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-09-13 16:27:24 ----A---- C:\windows\system32\drivers\AVGIDSEH.sys

======List of files/folders modified in the last 1 months======

2010-10-11 18:34:52 ----D---- C:\windows\Prefetch
2010-10-11 18:31:18 ----D---- C:\Program Files
2010-10-11 17:55:41 ----D---- C:\windows\Temp
2010-10-11 15:28:18 ----D---- C:\windows\system32\CatRoot2
2010-10-11 15:27:55 ----D---- C:\windows\system32
2010-10-11 15:19:36 ----D---- C:\WINDOWS
2010-10-11 15:19:11 ----RSHDC---- C:\windows\system32\dllcache
2010-10-11 15:19:11 ----D---- C:\windows\system32\cs-cz
2010-10-11 15:19:11 ----D---- C:\windows\Help
2010-10-11 15:19:11 ----D---- C:\Program Files\Internet Explorer
2010-10-11 15:17:32 ----D---- C:\windows\Media
2010-10-11 15:17:31 ----HD---- C:\windows\inf
2010-10-11 15:11:29 ----D---- C:\Documents and Settings
2010-10-10 19:40:43 ----SHD---- C:\windows\Installer
2010-10-09 14:36:00 ----SHD---- C:\RECYCLER
2010-10-09 14:36:00 ----D---- C:\windows\Minidump
2010-10-09 14:34:54 ----D---- C:\windows\system32\drivers\etc
2010-10-08 22:57:23 ----D---- C:\windows\system32\drivers
2010-10-08 22:57:13 ----D---- C:\Program Files\Alwil Software
2010-10-08 22:17:35 ----D---- C:\Program Files\Windows Media Player
2010-10-06 20:42:23 ----A---- C:\windows\ChssBase.ini
2010-10-06 18:27:04 ----D---- C:\Program Files\Battle for Wesnoth 1.6.1
2010-10-06 14:23:26 ----A---- C:\windows\NeroDigital.ini
2010-10-04 21:01:20 ----D---- C:\windows\system32\config
2010-10-03 12:01:37 ----A---- C:\Program Files\Geografia.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\windows\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2009-01-20 642560]
R1 Avgldx86;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2008-06-24 3229696]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\windows\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
R3 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 dtscsi;dtscsi; C:\windows\System32\Drivers\dtscsi.sys [2009-01-20 223128]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\windows\system32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\windows\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\windows\system32\DRIVERS\k750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\windows\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\windows\system32\DRIVERS\k750obex.sys [2005-07-07 79488]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\windows\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\windows\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\windows\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\windows\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\windows\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 seozlld;seozlld; \??\C:\windows\system32\02.tmp []
S3 uoakntdze;uoakntdze; \??\C:\windows\system32\02.tmp []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 xwcamxqtg;xwcamxqtg; \??\C:\windows\system32\02.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2008-06-24 557056]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2009-07-11 66872]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-08-27 488776]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thanks a lot.

Re: PC check

Posted: 11 Oct 2010 18:23
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Relax and put the kettle on for a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur.

Re: PC check

Posted: 11 Oct 2010 18:31
by marx
Thank you, but I can't get into the administrator account because it freezes immediately. Does it also work in safe mode? Also, I don't know how to turn off the spyware. Is the backup really necessary??

Re: PC check

Posted: 11 Oct 2010 18:39
by Rudy
Yes, try it in safe mode; it should work. A backup is only recommended. It is a good idea to make one when removing malware, as the PC can behave quite unpredictably. At least the important data. You should turn off the antispyware in its settings, although this recommendation can be ignored.

Re: PC check

Posted: 11 Oct 2010 20:28
by marx
Hello,
I'm really no expert, so I need a bit of advice:
- how can I switch the PC to safe mode without having to turn the PC off twice in a row
- I have AVG 2011 and I don't know how to turn off the anti-spyware
- and is it possible that the administrator accounts don't work for me and the limited one does?

Re: PC check

Posted: 11 Oct 2010 20:42
by Rudy
Restart the PC. On the new start, toward the end of the initial POST screens, keep pressing F8. A menu appears, in which you move with the cursor arrow keys. Highlight "Safe Mode" or "Safe Mode with Networking" and press "Enter".
For AVG, double-click the icon in the tray. A window opens in which AVG can be configured.
Yes, it is possible that only the admin accounts are affected.

Re: PC check

Posted: 11 Oct 2010 20:42
by marx
Could someone please advise me :(

Re: PC check

Posted: 11 Oct 2010 20:44
by Rudy
marx wrote: Could someone please advise me :(
Is my post above not enough for you?

Re: PC check

Posted: 11 Oct 2010 20:45
by marx
Sorry about that, I hadn't noticed it yet. Thank you.

Re: PC check

Posted: 11 Oct 2010 20:53
by marx
- the tray icon doesn't respond; will the program run even if I don't turn it off??
- in the meantime I also ran the AVG rootkit test on the system - not healed:
"";"C:\WINDOWS\system32\drivers\sptd.sys";"i8042prt.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> sptd.sys +0x23C82";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"atapi.sys, přesměrovaný import HAL.dll READ_PORT_UCHAR -> sptd.sys +0x1A32";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"atapi.sys, přesměrovaný import HAL.dll READ_PORT_BUFFER_USHORT -> sptd.sys +0x1B6E";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"atapi.sys, přesměrovaný import HAL.dll READ_PORT_USHORT -> sptd.sys +0x1AF6";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"atapi.sys, přesměrovaný import HAL.dll WRITE_PORT_BUFFER_USHORT -> sptd.sys +0x26CC";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"atapi.sys, přesměrovaný import HAL.dll WRITE_PORT_UCHAR -> sptd.sys +0x25A2";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"IRP hook, \FileSystem\Npfs IRP_MJ_CREATE -> sptd.sys +0x14706";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"IRP hook, \FileSystem\Npfs IRP_MJ_CREATE_NAMED_PIPE -> sptd.sys +0x14706";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"IRP hook, \FileSystem\Npfs IRP_MJ_CLOSE -> sptd.sys +0x14706";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"IRP hook, \FileSystem\Npfs IRP_MJ_READ -> sptd.sys +0x14706";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"IRP hook, \FileSystem\Npfs IRP_MJ_WRITE -> sptd.sys +0x14706";"Objekt je skrytý"
"";"C:\WINDOWS\system32\drivers\sptd.sys";"IRP hook, \FileSystem\Npfs IRP_MJ_QUERY_INFORMATION -> sptd.sys +0x14706";"Objekt je skrytý"

There are 163 of them in total. What do you make of it, do you know what to do about it???
Or should I not worry about it for now?

Re: PC check

Posted: 11 Oct 2010 21:20
by marx
Please advise :(

Re: PC check

Posted: 11 Oct 2010 22:09
by Rudy
This is fine. You can try running CF even without turning it off; another option is to uninstall it for the scan and install it again after the cleanup.

Re: PC check

Posted: 12 Oct 2010 17:13
by marx
Hello,
- before I ran ComboFix I had to uninstall AVG (it couldn't be turned off)
- and I had to be, and still am, in safe mode
Here is the log:

ComboFix 10-10-11.05 - Administrator 12.10.2010 17:53:40.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1718 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
C:\uninstall.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-12 do 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-11 16:31 . 2010-10-11 16:37 -------- d-----w- c:\program files\trend micro
2010-10-11 16:31 . 2010-10-11 16:37 -------- d-----w- C:\rsit
2010-10-11 13:19 . 2010-10-11 13:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-11 13:16 . 2010-10-11 13:17 -------- dc-h--w- c:\windows\ie8
2010-10-09 12:10 . 2010-10-09 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-09 12:10 . 2010-10-09 12:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-09 11:43 . 2010-10-09 11:44 -------- d-----w- c:\windows\system32\NtmsData
2010-10-09 11:05 . 2010-10-11 13:30 -------- d-----w- c:\documents and settings\dwqda
2010-10-08 20:57 . 2010-10-09 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-08 19:25 . 2010-10-08 19:25 -------- d-----w- c:\documents and settings\Patrik\Data aplikací\AVG10
2010-10-08 19:25 . 2010-10-08 19:25 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-10-08 19:25 . 2010-10-08 19:25 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2010-10-08 19:20 . 2010-10-12 15:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-10-08 19:10 . 2010-10-08 19:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-10-08 19:04 . 2010-10-11 18:02 -------- d-----w- c:\documents and settings\Administrator
2010-09-16 13:05 . 2010-09-16 13:05 1409 ----a-w- c:\windows\QTFont.for
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-05-13 15:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 09:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-13 19:27 422400 --sha-r- c:\windows\x2.64.exe
2005-10-07 17:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 10:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 13:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-21 20:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-24 22:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 08:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 11:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-24 22:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-05-20 16:05 2085400 ----a-w- c:\program files\Free_Lunch_Design\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-25 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3620:TCP"= 3620:TCP:bvwrfv

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 16:27 25680]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.1.2009 15:40 642560]
S2 ghiceky;Config Windows;c:\windows\system32\svchost.exe -k netsvcs [14.4.2008 14:00 14336]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [5.12.2008 18:39 47624]
S3 seozlld;seozlld;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 uoakntdze;uoakntdze;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 xwcamxqtg;xwcamxqtg;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ghiceky
.
.
------- Doplňkový sken -------
.
TCP: {05DB1735-54C7-480F-ADD7-6442EE61E5E2} = 84.21.122.1,84.16.96.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Ali_Baba - c:\\Uninstall.exe



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seozlld]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uoakntdze]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xwcamxqtg]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ghiceky]
"ServiceDll"="c:\windows\system32\vrnnwb.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1682526488-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,d5,77,39,a2,7b,83,4d,87,a5,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,d5,77,39,a2,7b,83,4d,87,a5,9c,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-12 17:58:08
ComboFix-quarantined-files.txt 2010-10-12 15:58

Před spuštěním: Volných bajtů: 189 596 426 240
Po spuštění: Volných bajtů: 190 231 764 992

- - End Of File - - DD90B0163B4D33F4C6D02EBC760CE29B

Re: PC check

Posted: 12 Oct 2010 18:00
by marx
Please check it, or give me some advice.
Thank you.

Re: PC check

Posted: 12 Oct 2010 18:18
by marx
Will somebody help me?? :(