
Special for Motji - RSIT Log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Anubides
- Model visitor
- Posts: 142
- Registered: 22 Mar 2010 22:13
- Location: Prague
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tomas at 2010-03-23 02:54:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (7%) free of 15 GB
Total RAM: 767 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:35, on 23.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Student DOG\StudentDOG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Dokumenty\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tomas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Tomas\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Tomas\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StudentDOG] C:\Program Files\Student DOG\StudentDOG.exe -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate1ca21d1d7bce8e6) (gupdate1ca21d1d7bce8e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 7229 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll [2009-08-20 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Tomas\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2006-12-28 4579328]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-06-01 1501064]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-02-21 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-02-21 110696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"StudentDOG"=C:\Program Files\Student DOG\StudentDOG.exe [2009-11-04 2195456]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-20 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomas^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-10-12 393216]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"F:\Program Files\Sacred\Sacred.exe"="F:\Program Files\Sacred\Sacred.exe:*:Enabled:Sacred"
"F:\Program Files\Ascaron Entertainment\Sacred Gold\sacred.exe"="F:\Program Files\Ascaron Entertainment\Sacred Gold\sacred.exe:*:Enabled:Sacred"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe"="E:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Enabled:prism3d"
"F:\DNMP\prism3d.exe"="F:\DNMP\prism3d.exe:*:Enabled:prism3d"
"C:\WINDOWS\system32\winsys32.exe"="C:\WINDOWS\system32\winsys32.exe:*:Enabled:WINSYSTM"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Tomas\Local Settings\Temp\bulanci.tmp"="C:\Documents and Settings\Tomas\Local Settings\Temp\bulanci.tmp:*:Enabled:bulanci"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0adf4191-d5c2-11de-ad1a-0013d3649401}]
shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e16be7-338d-11df-ad80-0013d3649401}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b52a9886-6edb-11dd-a9bc-0013d3649401}]
shell\AutoRun\command - H:\Programs\nu2menu\nu2menu.exe
======List of files/folders created in the last 1 months======
2010-03-23 02:54:58 ----D---- C:\rsit
2010-03-19 18:00:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-19 18:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-19 17:58:01 ----D---- C:\Program Files\a-squared Free
2010-03-17 18:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2010-03-16 20:40:25 ----D---- C:\Program Files\Mixxx
2010-03-10 00:15:23 ----HD---- C:\WINDOWS\PIF
2010-03-01 16:59:07 ----D---- C:\Program Files\Microsoft IntelliType Pro
2010-03-01 14:11:05 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-03-01 02:59:14 ----D---- C:\Documents and Settings\Tomas\Data aplikací\foobar2000
2010-03-01 01:29:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\UAB
2010-03-01 01:29:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2010-03-01 01:24:29 ----D---- C:\Program Files\PC Drivers HeadQuarters
2010-02-25 14:44:35 ----D---- C:\Program Files\Circle Dock
======List of files/folders modified in the last 1 months======
2010-03-23 00:59:54 ----D---- C:\WINDOWS\Prefetch
2010-03-23 00:59:52 ----D---- C:\WINDOWS\Temp
2010-03-23 00:30:46 ----D---- C:\Documents and Settings\Tomas\Data aplikací\AIMP
2010-03-23 00:28:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-23 00:03:59 ----D---- C:\Documents and Settings\Tomas\Data aplikací\skypePM
2010-03-22 23:32:48 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Skype
2010-03-22 19:08:20 ----D---- C:\WINDOWS
2010-03-22 11:08:53 ----D---- C:\Documents and Settings\Tomas\Data aplikací\OpenOffice.org2
2010-03-21 09:50:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-21 00:48:56 ----D---- C:\Documents and Settings\Tomas\Data aplikací\uTorrent
2010-03-19 18:22:14 ----RD---- C:\Program Files
2010-03-18 19:40:03 ----D---- C:\Program Files\Hide Real IP
2010-03-18 19:39:52 ----A---- C:\ioSpecial.ini
2010-03-18 19:38:42 ----D---- C:\WINDOWS\Minidump
2010-03-18 05:45:30 ----SHD---- C:\WINDOWS\Installer
2010-03-17 18:09:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-17 18:09:57 ----D---- C:\WINDOWS\system32\drivers
2010-03-17 18:09:55 ----D---- C:\WINDOWS\system32
2010-03-17 18:09:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-17 18:08:47 ----D---- C:\Program Files\Mozilla Firefox
2010-03-17 11:29:29 ----HD---- C:\WINDOWS\inf
2010-03-06 22:30:12 ----HD---- C:\Config.Msi
2010-03-04 21:16:18 ----D---- C:\Program Files\PopCap Games
2010-03-04 17:13:08 ----D---- C:\WINDOWS\Help
2010-03-02 13:18:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-01 17:01:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-01 17:00:39 ----SD---- C:\Documents and Settings\Tomas\Data aplikací\Microsoft
2010-03-01 17:00:36 ----SD---- C:\WINDOWS\Tasks
2010-03-01 16:59:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-01 16:59:10 ----RSD---- C:\WINDOWS\Fonts
2010-03-01 14:50:37 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-01 01:28:42 ----D---- C:\WINDOWS\system32\config
2010-03-01 01:28:33 ----RSD---- C:\WINDOWS\assembly
2010-02-25 16:03:17 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-24 02:23:01 ----D---- C:\Documents and Settings\Tomas\Data aplikací\eBookPro6
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-02-22 10231936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 es137140;SB AudioPCI 64V; C:\WINDOWS\system32\DRIVERS\es137140.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\Program Files\MSI\Live Update 3\NTACCESS.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-02-21 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-30 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1ca21d1d7bce8e6;Služba Google Update (gupdate1ca21d1d7bce8e6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-20 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-11-23 3608412]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 7229 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\K-Lite Codec Pack\Real\rpbrowserrecordplugin.dll [2009-08-20 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Tomas\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2006-12-28 4579328]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-06-01 1501064]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-02-21 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-02-21 110696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"StudentDOG"=C:\Program Files\Student DOG\StudentDOG.exe [2009-11-04 2195456]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-20 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomas^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-10-12 393216]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Tomas\Nabídka Start\Programy\Po spuštění
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Metin2_CZ\metin2.bin"="C:\Program Files\Metin2_CZ\metin2.bin:*:Enabled:metin2"
"F:\Program Files\Sacred\Sacred.exe"="F:\Program Files\Sacred\Sacred.exe:*:Enabled:Sacred"
"F:\Program Files\Ascaron Entertainment\Sacred Gold\sacred.exe"="F:\Program Files\Ascaron Entertainment\Sacred Gold\sacred.exe:*:Enabled:Sacred"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe"="E:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Enabled:prism3d"
"F:\DNMP\prism3d.exe"="F:\DNMP\prism3d.exe:*:Enabled:prism3d"
"C:\WINDOWS\system32\winsys32.exe"="C:\WINDOWS\system32\winsys32.exe:*:Enabled:WINSYSTM"
"C:\Program Files\Metin2_CZ\metin2client.bin"="C:\Program Files\Metin2_CZ\metin2client.bin:*:Enabled:metin2client"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Tomas\Local Settings\Temp\bulanci.tmp"="C:\Documents and Settings\Tomas\Local Settings\Temp\bulanci.tmp:*:Enabled:bulanci"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0adf4191-d5c2-11de-ad1a-0013d3649401}]
shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e16be7-338d-11df-ad80-0013d3649401}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b52a9886-6edb-11dd-a9bc-0013d3649401}]
shell\AutoRun\command - H:\Programs\nu2menu\nu2menu.exe
======List of files/folders created in the last 1 months======
2010-03-23 02:54:58 ----D---- C:\rsit
2010-03-19 18:00:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-19 18:00:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-03-19 17:58:01 ----D---- C:\Program Files\a-squared Free
2010-03-17 18:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2010-03-16 20:40:25 ----D---- C:\Program Files\Mixxx
2010-03-10 00:15:23 ----HD---- C:\WINDOWS\PIF
2010-03-01 16:59:07 ----D---- C:\Program Files\Microsoft IntelliType Pro
2010-03-01 14:11:05 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-03-01 14:11:02 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-03-01 14:11:01 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-03-01 02:59:14 ----D---- C:\Documents and Settings\Tomas\Data aplikací\foobar2000
2010-03-01 01:29:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\UAB
2010-03-01 01:29:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2010-03-01 01:24:29 ----D---- C:\Program Files\PC Drivers HeadQuarters
2010-02-25 14:44:35 ----D---- C:\Program Files\Circle Dock
======List of files/folders modified in the last 1 months======
2010-03-23 00:59:54 ----D---- C:\WINDOWS\Prefetch
2010-03-23 00:59:52 ----D---- C:\WINDOWS\Temp
2010-03-23 00:30:46 ----D---- C:\Documents and Settings\Tomas\Data aplikací\AIMP
2010-03-23 00:28:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-23 00:03:59 ----D---- C:\Documents and Settings\Tomas\Data aplikací\skypePM
2010-03-22 23:32:48 ----D---- C:\Documents and Settings\Tomas\Data aplikací\Skype
2010-03-22 19:08:20 ----D---- C:\WINDOWS
2010-03-22 11:08:53 ----D---- C:\Documents and Settings\Tomas\Data aplikací\OpenOffice.org2
2010-03-21 09:50:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-21 00:48:56 ----D---- C:\Documents and Settings\Tomas\Data aplikací\uTorrent
2010-03-19 18:22:14 ----RD---- C:\Program Files
2010-03-18 19:40:03 ----D---- C:\Program Files\Hide Real IP
2010-03-18 19:39:52 ----A---- C:\ioSpecial.ini
2010-03-18 19:38:42 ----D---- C:\WINDOWS\Minidump
2010-03-18 05:45:30 ----SHD---- C:\WINDOWS\Installer
2010-03-17 18:09:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-17 18:09:57 ----D---- C:\WINDOWS\system32\drivers
2010-03-17 18:09:55 ----D---- C:\WINDOWS\system32
2010-03-17 18:09:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-17 18:08:47 ----D---- C:\Program Files\Mozilla Firefox
2010-03-17 11:29:29 ----HD---- C:\WINDOWS\inf
2010-03-06 22:30:12 ----HD---- C:\Config.Msi
2010-03-04 21:16:18 ----D---- C:\Program Files\PopCap Games
2010-03-04 17:13:08 ----D---- C:\WINDOWS\Help
2010-03-02 13:18:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-01 17:01:25 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-01 17:00:39 ----SD---- C:\Documents and Settings\Tomas\Data aplikací\Microsoft
2010-03-01 17:00:36 ----SD---- C:\WINDOWS\Tasks
2010-03-01 16:59:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-01 16:59:10 ----RSD---- C:\WINDOWS\Fonts
2010-03-01 14:50:37 ----D---- C:\Program Files\NVIDIA Corporation
2010-03-01 01:28:42 ----D---- C:\WINDOWS\system32\config
2010-03-01 01:28:33 ----RSD---- C:\WINDOWS\assembly
2010-02-25 16:03:17 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-24 02:23:01 ----D---- C:\Documents and Settings\Tomas\Data aplikací\eBookPro6
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-02-22 10231936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 es137140;SB AudioPCI 64V; C:\WINDOWS\system32\DRIVERS\es137140.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\Program Files\MSI\Live Update 3\NTACCESS.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-02-21 154216]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-30 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1ca21d1d7bce8e6;Služba Google Update (gupdate1ca21d1d7bce8e6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-20 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-11-23 3608412]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Spešl for Motji - RSIT Log
There it is, the little rascal, well, straight from the Recycler, that is.
Plug into the PC all the USB sticks and flash drives that you use.
Download UsbFix to your desktop.
- run it, choose language E, and confirm with Enter
- click option 2, then Enter
- after the scan, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt




Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer.
Want to support our forum? Information here

I am most likely to be reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
- Anubides
- Exemplary visitor
- Posts: 142
- Registered: 22 Mar 2010 22:13
- Location: Praha
Re: Spešl for Motji - RSIT Log
This is the log from that flash drive... it found some trojans... and recyclers...
############################## | UsbFix V6.100 |
User : Tomas (Administrators) # FANTOMAS
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 3:07:58 | 23.3.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 14,3 Go (1,07 Go free) [SYSTEM] # NTFS
D:\ -> Disk CD-ROM
E:\ -> Disk CD-ROM
F:\ -> Místní pevný disk # 233,76 Go (118,49 Go free) [File Disk] # NTFS
G:\ -> Disk CD-ROM # 2,71 Go (0 Mo free) [NHL_09] # CDFS
H:\ -> Místní pevný disk # 19,52 Go (10,36 Go free) # FAT32
I:\ -> Místní pevný disk # 18,8 Go (18,55 Go free) [SYSTEM 2 DO] # FAT32
J:\ -> Vyměnitelný disk # 3,73 Go (322,46 Mo free) # FAT32
################## | Files # Infected Folders |
C:\WINDOWS\System32\autorun.inf
C:\sys
G:\autorun.inf
J:\autorun.inf -> Called file : "J:\RECYCLER\autorun.exe" ( Not Found ! )
J:\autorun.inf
J:\DOBRERIBE\Desktop.ini
J:\DOBRERIBE
J:\ime\Desktop.ini
J:\ime
J:\log.txt
J:\pozuda
J:\SJAJ\Desktop.ini
J:\SJAJ
J:\SLATKO\Desktop.ini
J:\SLATKO
J:\HJTInstall.exe
################## | Registry |
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{0adf4191-d5c2-11de-ad1a-0013d3649401}
Shell\AutoRun\command =G:\Autorun.exe
HKCU\..\..\Explorer\MountPoints2\{24e16be7-338d-11df-ad80-0013d3649401}
Shell\AutoRun\command =RECYCLER\autorun.exe
Shell\open\command =RECYCLER\autorun.exe
HKCU\..\..\Explorer\MountPoints2\{b52a9886-6edb-11dd-a9bc-0013d3649401}
Shell\AutoRun\command =H:\Programs\nu2menu\nu2menu.exe
################## | Vaccin |
################## | ! End of report # UsbFix V6.100 ! |
Re: Spešl for Motji - RSIT Log
Run UsbFix again and choose option 2, then please post the log.

- Anubides
- Exemplary visitor
- Posts: 142
- Registered: 22 Mar 2010 22:13
- Location: Praha
Re: Spešl for Motji - RSIT Log
############################## | UsbFix V6.100 |
User : Tomas (Administrators) # FANTOMAS
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 3:19:44 | 23.3.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.40GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 14,3 Go (1,05 Go free) [SYSTEM] # NTFS
D:\ -> Disk CD-ROM
E:\ -> Disk CD-ROM
F:\ -> Místní pevný disk # 233,76 Go (118,49 Go free) [File Disk] # NTFS
G:\ -> Disk CD-ROM # 2,71 Go (0 Mo free) [NHL_09] # CDFS
H:\ -> Místní pevný disk # 19,52 Go (10,36 Go free) # FAT32
I:\ -> Místní pevný disk # 18,8 Go (18,55 Go free) [SYSTEM 2 DO] # FAT32
J:\ -> Vyměnitelný disk # 3,73 Go (322,46 Mo free) # FAT32
################## | Files # Infected Folders |
Deleted ! C:\WINDOWS\System32\autorun.inf
Deleted ! C:\sys
Deleted ! C:\Recycler\S-1-5-21-1844237615-682003330-725345543-1004
Deleted ! C:\Recycler\S-1-5-21-1844237615-682003330-725345543-500
Deleted ! F:\$Recycle.Bin\S-1-5-21-1261479808-406030921-60761442-1000
Deleted ! F:\Recycler\S-1-5-21-1844237615-682003330-725345543-1004
Deleted ! F:\Recycler\S-1-5-21-1844237615-682003330-725345543-500
(!) Not deleted ! G:\autorun.inf
J:\autorun.inf -> Called file : "J:\RECYCLER\autorun.exe" ( Not Found ! )
Deleted ! J:\autorun.inf
Deleted ! J:\DOBRERIBE\Desktop.ini
Deleted ! J:\DOBRERIBE
Deleted ! J:\ime\Desktop.ini
Deleted ! J:\ime
Deleted ! J:\log.txt
Deleted ! J:\pozuda
Deleted ! J:\SJAJ\Desktop.ini
Deleted ! J:\SJAJ
Deleted ! J:\SLATKO\Desktop.ini
Deleted ! J:\SLATKO
Deleted ! J:\HJTInstall.exe
Deleted ! J:\Recycler\S-1-6-21-2434476501-1644491937-600003330-1213
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\...\Explorer\MountPoints2\{b52a9886-6edb-11dd-a9bc-0013d3649401}\Shell\AutoRun\Command
################## | Listing of the present files |
[17.01.2008 13:00|--a------|0] C:\AUTOEXEC.BAT
[31.01.2010 09:40|--ahs----|211] C:\boot.ini
[23.09.2002 13:00|-rahs----|4952] C:\Bootfont.bin
[17.01.2008 13:00|--a------|0] C:\CONFIG.SYS
[17.03.2010 18:10|--a------|10] C:\csb.log
[?|?|?] C:\hiberfil.sys
[14.05.2003 07:35|--a------|168] C:\hpsfx.ini
[17.01.2008 13:00|-rahs----|0] C:\IO.SYS
[18.03.2010 19:39|--a------|125] C:\ioSpecial.ini
[17.01.2008 13:00|-rahs----|0] C:\MSDOS.SYS
[17.01.2008 14:39|-rahs----|47564] C:\NTDETECT.COM
[22.08.2009 17:07|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[23.03.2010 03:25|--a------|2780] C:\UsbFix.txt
[22.03.2010 23:58|--a------|1147] F:\001.txt
[21.03.2010 13:52|--a------|7592042] F:\100320-plachta.flv
[05.03.2010 23:14|--a------|54380427] F:\1112
[01.03.2010 13:40|--a------|13164430] F:\1176-video-b63uv.flv
[04.03.2010 21:43|--a------|43163129] F:\250731.flv
[13.03.2010 15:21|--a------|7859158] F:\4.1 Floorball Training-Florbalovy trening.mp4
[05.03.2010 01:39|--a------|7487056] F:\9099-video-d4kef.flv
[05.03.2010 01:16|--a------|2331767] F:\9101-video-ltgj4.flv
[05.03.2010 01:19|--a------|6384033] F:\9106-video-kigtq.flv
[05.03.2010 01:21|--a------|4118168] F:\9107-video-u2cyo.flv
[15.03.2010 14:06|--a------|57616887] F:\e speech + Children Of The Damned - Iron Maiden - Chile 2009.flv
[08.05.2008 23:59|--a------|7758] F:\Filmy-recenze.rtf
[16.03.2010 03:59|--a------|302868438] F:\Godzilla_1998_
[07.05.2008 23:57|--a------|6751] F:\Grol a Riu.rtf
[13.11.2008 02:19|--a------|1178] F:\HvŘzdiźka z nebˇźka.txt
[04.03.2010 16:19|--a------|3297393] F:\Jayk3m U§ tŘ nechci.mp4
[03.11.2008 22:50|--a------|15872] F:\Katastrofy.doc
[08.09.2009 19:22|--a------|221] F:\Koty.wsc
[03.03.2010 21:44|--a------|7923771] F:\manythings.flv
[07.03.2010 05:35|--a------|447622510] F:\NO4
[?|?|?] F:\pagefile.sys
[16.03.2010 02:14|--a------|837847040] F:\Quantum Apocalypse 2010
[08.03.2010 14:32|--a------|67590080] F:\taxik ý
[08.06.2009 20:17|--a------|11543] F:\TFS New Generation.rtf
[17.03.2010 19:44|--ahs----|244736] F:\Thumbs.db
[?|?|?] F:\trp.
[04.08.2008 14:57|--a------|224600] F:\Vesmlouvesknizetem.pdf
[15.03.2010 07:36|--a------|7438307] F:\vojna
[13.11.2006 00:15|--a------|657552] F:\Win32_Pipeline_Remover.exe
[02.11.2008 00:26|--a------|14848] F:\¦ivotopis.doc
[04.10.2008 08:40|-r-------|410888] G:\AutoRun.exe
[04.10.2008 08:40|-r-------|414984] G:\EASetup.exe
[04.10.2008 08:14|-r-------|135228950] G:\G02.cab
[04.10.2008 08:15|-r-------|1146612] G:\G03.cab
[04.10.2008 08:15|-r-------|240] G:\G03b.cab
[04.10.2008 08:12|-r-------|4310] G:\G03c.cab
[04.10.2008 08:15|-r-------|3934772] G:\G03d.cab
[04.10.2008 08:12|-r-------|117173750] G:\G03e.cab
[04.10.2008 08:35|-r-------|1712065767] G:\G03f.cab
[04.10.2008 08:14|-r-------|269328745] G:\G03g.cab
[04.10.2008 08:15|-r-------|2224372] G:\G04.cab
[04.10.2008 08:21|-r-------|479115460] G:\G05.cab
[04.10.2008 08:15|-r-------|11962002] G:\G06.cab
[04.10.2008 08:10|-r-------|4176] G:\G07.cab
[04.10.2008 08:15|-r-------|2189545] G:\G09.cab
[04.10.2008 08:14|-r-------|4738076] G:\G10.cab
[04.10.2008 08:40|-r-------|1000712] G:\GDFBinary.dll
[03.09.2008 16:10|-r-------|167194] G:\GL.ini
[04.10.2008 08:40|-r-------|5867008] G:\autorun.dat
[04.10.2008 08:40|-r-------|136] G:\autorun.inf
[03.09.2008 16:10|-r-------|22685] G:\dialoglogo128x128.jpg
[04.10.2008 08:40|-r-------|935176] G:\dirtysock.dll
[04.10.2008 08:40|-r-------|550152] G:\msvcr71d.dll
[04.10.2008 08:40|-r-------|12625160] G:\nhl2009.exe
[17.06.2008 21:37|-r-------|34494] G:\nhl2009.ico
[04.10.2008 08:40|-r-------|267528] G:\paul.dll
[04.10.2008 08:40|-r-------|238856] G:\winui.dll
[21.08.2009 11:18|--ahs----|805306368] H:\PAGEFILE.SYS
[27.07.2009 23:01|-rahs----|234160] H:\ntldr
[25.10.2001 12:00|-rahs----|4952] H:\Bootfont.bin
[27.07.2009 23:01|-rahs----|47580] H:\NTDETECT.COM
[27.07.2009 13:25|---hs----|194] H:\boot.ini
[27.07.2009 13:32|--a------|0] H:\CONFIG.SYS
[27.07.2009 13:32|--a------|0] H:\AUTOEXEC.BAT
[27.07.2009 13:32|-rahs----|0] H:\IO.SYS
[27.07.2009 13:32|-rahs----|0] H:\MSDOS.SYS
[23.03.2010 01:12|--a------|1068] I:\CFScript.txt
[30.11.2009 13:16|--ah-----|165] J:\~$PM.xlsx
[30.11.2009 13:16|--a------|360655] J:\PM.xlsx
[30.11.2009 13:37|--a------|452608] J:\stu_Prilohy_KMK_soubor1.xls
[07.12.2009 13:11|--a------|28160] J:\Seçit1.xls
[22.03.2010 20:17|--a------|781909] J:\RSIT.exe
[04.12.2009 19:50|--a------|77210] J:\1._-_8._prednaska z managementu.docx
[10.12.2009 09:43|--a------|397824] J:\sobek.xls
[19.12.2009 16:03|--a------|326250] J:\Kopie - hot17122009.pdf
[23.02.2010 13:34|--a------|241152] J:\text kata.doc
[10.02.2010 04:28|--a------|12729856] J:\hotel prezentace.ppt
[03.02.2010 13:27|--a------|1648429338] J:\Smrt ceka vsude DVDRip CZ Valecny Drama.avi
[19.03.2010 17:52|--a------|74121968] J:\a2FreeSetup.exe
[24.02.2009 02:20|--a------|730378240] J:\Cash.avi
[22.03.2010 20:16|--a------|3897377] J:\ComboFix.exe
[12.10.2009 10:53|--a------|41250] J:\form tov nˇ.png
[17.03.2010 22:44|--a------|29184] J:\Ubytovacˇ ý d Pl tenˇkov 12068.doc
[28.10.2009 08:48|--a------|32256] J:\refer t na management.wps
[28.10.2009 08:56|--a------|1121280] J:\refer t na etiku.wps
[29.12.2009 19:47|--a------|30921096] J:\avira_antivir_personal_en.exe
[14.04.2008 13:00|--a------|8504] J:\exe2bin.exe
[22.03.2010 23:56|--a------|510464] J:\OTM.exe
[28.10.2009 11:24|--a------|21148] J:\Dokument.rtf
[18.02.2010 13:32|--a------|8158488] J:\Firefox Setup 3.6.exe
[22.03.2010 23:58|--a------|1147] J:\001.txt
[28.10.2009 11:32|--a------|3094] J:\Rasismus.rtf
[22.08.2009 19:02|--a------|3278552] J:\ccsetup222.exe
[22.08.2009 19:01|--a------|891256] J:\dfsetup113.exe
[22.08.2009 19:12|--a------|16409960] J:\spybotsd162.exe
[23.03.2010 01:08|--a------|122328] J:\ndis.rar
[28.10.2009 12:06|--a------|2919978] J:\Dokument 2.rtf
[22.03.2010 21:03|--a------|128488] J:\cc_20100322_210300.reg
[23.03.2010 00:08|--a------|9791] J:\Nově objekt - Textově dokument.txt
[23.03.2010 01:26|--a------|15353] J:\ComboFix.txt
[23.03.2010 01:51|--a------|166] J:\CFScript.txt
[22.03.2010 22:55|--a------|5115824] J:\mbam-setup.exe
[23.03.2010 01:44|--a------|5851] J:\mbam-log-2010-03-23 (01-44-48).txt
################## | Vaccination |
# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# H:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# I:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# J:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
################## | Upload |
Please send the file : C:\UsbFix_Upload_Me_FANTOMAS.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .
################## | ! End of report # UsbFix V6.100 ! |
Re: Spešl for Motji - RSIT Log
Please upload the file C:\UsbFix_Upload_Me_FANTOMAS.zip here: http://chiquitine.changelog.fr/Sample/Upload.php
Thanks
Run the renamed HJT, C:\Program Files\Trend Micro\HijackThis\Tomas.exe; it has this icon
- Click "Do a system scan only"
- At the lines
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
- Tick the checkbox and press Fix checked
- Restart the PC
Start - Run - type
sc delete ensqio
OK
sc delete npggsvc
OK
You have no firewall; you can find out what it is useful for here: http://www.viry.cz/forum/viewtopic.php?f=41&t=20980
As a firewall I can recommend Zone Alarm; it is in English, but simple
(confirm installation of the firewall only)
Here, if you go through it, there is a short description of how to set up the firewall
http://www.viry.cz/forum/viewtopic.php?f=3&t=91519
Download MBAM from my signature
- Install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM occasionally has false detections, so we will delete only after checking the log.
- Copy the log here.
Thanks



Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
- Anubides
- Exemplary visitor
- Posts: 142
- Registered: 22 Mar 2010 22:13
- Location: Praha
Re: Spešl for Motji - RSIT Log
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.3.2010 17:00:32
mbam-log-2010-03-23 (17-00-21).txt
Typ kontroly: Kompletní kontrola (C:\|F:\|H:\|I:\|)
Zkontrolované objekty: 236474
Uplynulý čas: 3 hour(s), 45 minute(s), 8 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
F:\Dokumenty\ISWorkv1.6\ISWorkv1.6\ISWork.exe (Trojan.Downloader) -> No action taken.
Re: Spešl for Motji - RSIT Log
Delete what MBAM found.
If there are no problems with this computer, that is all.

- Anubides
- Exemplary visitor
- Posts: 142
- Registered: 22 Mar 2010 22:13
- Location: Praha
Re: Spešl for Motji - RSIT Log
Deleted. Otherwise the PC runs fine. Thanks for the program tips and for the help =) Let's get back to the laptop, if there is still something to deal with there regarding pesky bugs

Re: Spešl for Motji - RSIT Log
You're welcome, let's move on to the laptop
