Můj log z RSIT a HijackThis

Zpráva

no_-_name · #1 Příspěvek od **no_-_name** » 25 kvě 2010 18:02

Dobrý den, přítelkyni se nějak povedlo zneprovoznit její PC a já už si tu pomalu zoufám

Nějaká potvůrka odpojila veškeré připojení k internetu (ve správci zařízení jsou u síťovek vykřičníky) a třeba NOD nejde vůbec nainstalovat...

Mám log z RSIT a HijackThis, zaujalo mě tam snad jen jo2lej.exe což asi bude nějaký bordel, ale jak to dát pryč to netuším. Asi v tom logu bude víc nekalostí, ale to už moje laické oko nepozná... Díky moc!

takže RSIT
Logfile of random's system information tool 1.07 (written by random/random)
Run by Lúca at 2010-05-25 18:54:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (76%) free of 50 GB
Total RAM: 511 MB (46% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll [2009-07-09 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-16 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"rabcoxicđ"=C:\WINDOWS\System32\rabcoxicđ.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]
"NodEnabler"=C:\Program Files\ESET\NodEnabler\NodEnabler.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"rtw9ws"=C:\DOCUME~1\LCA~1\LOCALS~1\Temp\jo2lej.exe [2010-05-24 41472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\PROGRA~1\ICQ6.5\ICQ.exe silent []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-25 18:51:35 ----D---- C:\WINDOWS\LastGood
2010-05-25 18:38:43 ----D---- C:\Documents and Settings\Lúca\Data aplikací\Malwarebytes
2010-05-25 18:38:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-25 18:38:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-25 18:37:58 ----A---- C:\WINDOWS\system32\PxSecure.dll-288531
2010-05-25 18:37:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2010-05-25 18:27:17 ----D---- C:\Program Files\trend micro
2010-05-25 18:27:16 ----D---- C:\rsit
2010-05-25 18:23:14 ----A---- C:\WINDOWS\resetlog.txt
2010-05-25 17:59:46 ----D---- C:\WINDOWS\pss
2010-05-25 17:56:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-05-24 23:22:09 ----A---- C:\WINDOWS\system32\MRT.INI
2010-05-24 23:22:06 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-05-24 20:04:03 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-17 00:18:08 ----D---- C:\Program Files\SnadBoy's Revelation v2
2010-05-12 00:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-25 18:53:42 ----RD---- C:\Program Files
2010-05-25 18:53:42 ----D---- C:\WINDOWS\Temp
2010-05-25 18:53:40 ----D---- C:\WINDOWS\system32\drivers
2010-05-25 18:53:40 ----D---- C:\WINDOWS\system32
2010-05-25 18:51:39 ----SHD---- C:\WINDOWS\Installer
2010-05-25 18:51:39 ----SHD---- C:\Config.Msi
2010-05-25 18:51:38 ----HD---- C:\WINDOWS\inf
2010-05-25 18:51:35 ----D---- C:\WINDOWS
2010-05-25 18:51:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-25 18:51:26 ----D---- C:\WINDOWS\system32\inetsrv
2010-05-25 18:48:58 ----DC---- C:\WINDOWS\$NtUninstallKB929399$
2010-05-25 18:48:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-25 18:38:48 ----D---- C:\WINDOWS\Prefetch
2010-05-25 18:37:52 ----A---- C:\WINDOWS\Wininit.ini
2010-05-25 18:23:05 ----D---- C:\WINDOWS\system32\Restore
2010-05-25 18:22:29 ----SHD---- C:\System Volume Information
2010-05-25 18:22:06 ----SH---- C:\boot.ini
2010-05-25 18:22:06 ----A---- C:\WINDOWS\win.ini
2010-05-25 18:22:06 ----A---- C:\WINDOWS\system.ini
2010-05-25 17:56:06 ----D---- C:\Program Files\ESET
2010-05-25 17:51:24 ----D---- C:\Documents and Settings
2010-05-24 23:18:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-24 23:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-24 23:18:29 ----A---- C:\WINDOWS\imsins.BAK
2010-05-24 23:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-24 23:17:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-05-24 23:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-24 23:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-24 23:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-24 23:16:31 ----D---- C:\Program Files\Outlook Express
2010-05-24 23:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-24 20:34:47 ----RSHD---- C:\RECYCLER
2010-05-24 20:24:08 ----D---- C:\WINDOWS\Registration
2010-05-24 20:19:04 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-24 20:17:45 ----D---- C:\WINDOWS\system32\Logfiles
2010-05-24 20:15:42 ----D---- C:\WINDOWS\system32\config
2010-05-24 20:15:00 ----D---- C:\WINDOWS\system32\wbem
2010-05-24 20:14:08 ----D---- C:\Program Files\Mozilla Firefox
2010-05-24 20:13:28 ----D---- C:\Program Files\Nokia
2010-05-24 20:12:24 ----D---- C:\Program Files\Common Files\Nokia(2)
2010-05-24 20:12:24 ----D---- C:\Program Files\Common Files
2010-05-24 20:12:21 ----D---- C:\Documents and Settings\Lúca\Data aplikací\Nokia
2010-05-24 20:12:21 ----D---- C:\Documents and Settings\Lúca\Data aplikací\dvdcss
2010-05-24 20:12:17 ----DC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-05-24 20:11:40 ----D---- C:\Program Files\PC Connectivity Solution(2)
2010-05-24 20:10:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-05-24 20:10:29 ----DC---- C:\WINDOWS\$NtUninstallWudf01007$
2010-05-24 20:10:18 ----DC---- C:\WINDOWS\$NtUninstallKB941569$
2010-05-24 20:08:13 ----D---- C:\Program Files\Opera
2010-05-24 19:58:46 ----D---- C:\Documents and Settings\Lúca\Data aplikací\vlc
2010-05-12 00:22:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 16:00:51 ----SD---- C:\Documents and Settings\Lúca\Data aplikací\Microsoft
2010-04-30 11:51:08 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-12-12 784832]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R4 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys []
S3 aa73zk2g;aa73zk2g; C:\WINDOWS\system32\drivers\aa73zk2g.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-14 1897408]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-16 153376]
S2 SamSsWebClient;Správce zabezpečení účtů SamSsWebClient; C:\WINDOWS\system32\1029u.exe [2008-04-14 69120]
S2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

A HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:21, on 25.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
G:\aaa\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [rabcoxicđ] C:\WINDOWS\System32\rabcoxicđ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NodEnabler] C:\Program Files\ESET\NodEnabler\NodEnabler.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [rtw9ws] C:\DOCUME~1\LCA~1\LOCALS~1\Temp\jo2lej.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O9 - Extra button: QIP Infium - {3D6E4C09-E3B3-4206-97B0-59FF062B144A} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Správce zabezpečení účtů SamSsWebClient (SamSsWebClient) - Unknown owner - C:\WINDOWS\system32\1029u.exe

--
End of file - 6277 bytes

#2 Příspěvek od **motji** » 25 kvě 2010 19:06

Dobrý večer

Vzhledem k tomu, že nelegální programy tu neřešíme, dejte nejdříve pryř ten nelegální Nod.

Vidím, že jste použil mbam, našel by jste log?

no_-_name · #3 Příspěvek od **no_-_name** » 25 kvě 2010 20:08

Za ten Nod se omluvám

MBAM mi nic extra nevypsalo

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.5.2010 21:04:05
mbam-log-2010-05-25 (21-04-05).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 146644
Uplynulý čas: 23 minuta(y), 1 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

#4 Příspěvek od **motji** » 25 kvě 2010 20:21

V dalším logu ho už nechci vidět

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

no_-_name · #5 Příspěvek od **no_-_name** » 25 kvě 2010 20:48

Houstone, máme problém. OTL se zasekává, zřejmě někde v posledních fázích prohledávání. Naskočí tmavé okno příkazové řádky, poté zmizí a jeho bílý "stín" zůstane.

poslední nápis ve spodní liště OTL je Looking at file C:\windows\system32\zipfldr.dll
p.s. v tom černém okně je něco jako poslední řádek z toho skriptu co jsem zadával a rčení "systém nemůže nalézt uvedenou cestu"

#6 Příspěvek od **motji** » 25 kvě 2010 21:04

Dobře, zkuste ho spustit v nouzovém režimu, pokud se opět sekne, tak bez skriptu.

no_-_name · #7 Příspěvek od **no_-_name** » 25 kvě 2010 22:53

OTL logfile created on: 25.5.2010 23:34:38 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Lúca\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 362,00 Mb Available Physical Memory | 71,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 37,57 Gb Free Space | 76,94% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 165,38 Gb Free Space | 89,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,45 Gb Total Space | 4,41 Gb Free Space | 59,23% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SROTIK
Current User Name: Lúca
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.25 21:23:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lúca\Plocha\OTL.exe
PRC - [2009.09.24 08:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.05.25 21:23:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lúca\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 08:52:50 | 000,069,120 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\1029u.exe -- (SamSsWebClient)
SRV - [2008.04.14 08:52:28 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008.04.14 08:52:28 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - [2010.03.16 21:52:29 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qip.ru/
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru/
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.24 20:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.24 20:20:36 | 000,000,000 | ---D | M]

[2010.03.16 03:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Extensions
[2010.05.25 17:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\extensions
[2010.05.25 17:49:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.24 20:07:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010.05.24 20:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\extensions\DTToolbar@toolbarnet(2).com
[2010.03.16 22:22:02 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\searchplugins\daemon-search.xml
[2010.03.21 21:23:40 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\searchplugins\qipsearch.xml
[2010.05.19 16:18:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.24 20:07:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.25 23:23:01 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-1078081533-884357618-1417001333-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1078081533-884357618-1417001333-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rtw9ws = C:\DOCUME~1\LCA~1\LOCALS~1\Temp\jo2lej.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lúca\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lúca\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.01.02 03:48:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.25 21:29:04 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lúca\Plocha\OTL.exe
[2010.05.25 21:27:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lúca\IECompatCache
[2010.05.25 21:27:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lúca\Recent
[2010.05.25 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.25 18:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lúca\Data aplikací\Malwarebytes
[2010.05.25 18:38:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.25 18:38:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.25 18:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.25 18:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.05.25 18:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
[2010.05.25 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.25 18:27:16 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.25 17:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.25 17:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.05.24 23:22:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010.05.17 00:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\SnadBoy's Revelation v2
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.25 23:33:31 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Lúca\Plocha\cmd.bat
[2010.05.25 23:25:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.25 23:25:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.25 23:23:01 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.05.25 21:51:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.25 21:50:51 | 001,777,664 | ---- | M] () -- C:\Documents and Settings\Lúca\ntuser.dat
[2010.05.25 21:50:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Lúca\ntuser.ini
[2010.05.25 21:50:46 | 004,839,840 | -H-- | M] () -- C:\Documents and Settings\Lúca\Local Settings\Data aplikací\IconCache.db
[2010.05.25 21:28:06 | 000,187,262 | ---- | M] () -- C:\Documents and Settings\Lúca\Dokumenty\cc_20100525_212758.reg
[2010.05.25 21:26:41 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Lúca\Plocha\CCleaner.lnk
[2010.05.25 21:23:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lúca\Plocha\OTL.exe
[2010.05.25 18:38:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.25 18:37:52 | 000,000,048 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2010.05.25 18:27:22 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Lúca\online_{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.25 18:27:22 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Lúca\{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.25 18:22:37 | 000,000,737 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010.05.25 18:22:06 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.25 18:22:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.25 18:22:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.05.24 23:22:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.05.24 23:06:39 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.24 21:13:03 | 000,046,210 | ---- | M] () -- C:\Documents and Settings\Lúca\ifarmed.html
[2010.05.24 20:43:29 | 000,043,707 | ---- | M] () -- C:\WINDOWS\System32\ifarmed.html
[2010.05.24 20:37:33 | 000,000,186 | --S- | M] () -- C:\WINDOWS\System32\1963830916.dat
[2010.05.24 20:23:29 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.24 20:23:25 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.24 20:20:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.05.24 19:58:54 | 000,210,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010.05.06 22:35:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Lúca\Dokumenty\dotazníky spokojenosti.doc
[2010.05.04 23:30:51 | 000,022,080 | ---- | M] () -- C:\Documents and Settings\Lúca\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.25 21:38:53 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Lúca\Plocha\cmd.bat
[2010.05.25 21:28:02 | 000,187,262 | ---- | C] () -- C:\Documents and Settings\Lúca\Dokumenty\cc_20100525_212758.reg
[2010.05.25 21:26:41 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Lúca\Plocha\CCleaner.lnk
[2010.05.25 18:38:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.05.25 18:22:56 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
[2010.05.25 18:22:56 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Aktualizovat ESET licenci.lnk
[2010.05.24 23:22:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.05.24 21:12:56 | 000,046,210 | ---- | C] () -- C:\Documents and Settings\Lúca\ifarmed.html
[2010.05.24 20:36:09 | 000,000,186 | --S- | C] () -- C:\WINDOWS\System32\1963830916.dat
[2010.05.24 20:29:46 | 000,043,707 | ---- | C] () -- C:\WINDOWS\System32\ifarmed.html
[2010.05.24 20:20:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.05.24 20:18:42 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Lúca\online_{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.24 20:18:39 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Lúca\{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.24 20:17:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.24 20:17:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{28eb76b2-6fd0-40f0-8d04-a80653852e5c}
[2010.05.06 22:35:16 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Lúca\Dokumenty\dotazníky spokojenosti.doc
[2010.03.31 15:36:00 | 000,634,880 | ---- | C] () -- C:\WINDOWS\System32\SAFEQ.DLL
[2010.03.31 15:36:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SAFEQUI.DLL
[2010.03.31 15:36:00 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\SafeQEvent.dll
[2010.03.16 22:27:46 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.03.16 21:52:29 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.03.16 21:30:10 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.03.16 21:30:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.03.16 21:29:47 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.03.16 21:29:47 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.03.16 21:29:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.03.16 21:29:06 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.03.16 21:29:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.03.16 09:58:42 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010.03.16 09:58:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.03.16 09:58:41 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010.03.16 09:58:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010.03.16 09:58:40 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[1999.01.02 03:44:14 | 000,058,716 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[1999.01.02 03:44:14 | 000,014,691 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[1999.01.02 03:44:12 | 000,018,097 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

========== LOP Check ==========

[2010.03.16 22:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.03.16 22:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.05.25 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.03.17 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.04.15 18:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.04.15 20:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2010.05.24 20:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.25 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
[2010.03.16 22:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\DAEMON Tools Lite
[2010.03.16 09:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\GHISLER
[2010.03.23 01:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\gtk-2.0
[2010.05.24 20:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\Nokia
[2010.04.13 18:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\OpenOffice.org
[2010.03.16 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\Opera
[2010.04.15 19:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lúca\Data aplikací\PC Suite

========== Purity Check ==========

< End of report >

===================================================================================================

OTL Extras logfile created on: 25.5.2010 23:34:38 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Lúca\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 362,00 Mb Available Physical Memory | 71,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 37,57 Gb Free Space | 76,94% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 165,38 Gb Free Space | 89,86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,45 Gb Total Space | 4,41 Gb Free Space | 59,23% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SROTIK
Current User Name: Lúca
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\StrongDC++\StrongDC.exe" = C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++ -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368E88DE-E5D2-83E7-11AF-23375B581029}" = Nero 7 Demo
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}" = OpenOffice.org 3.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"C-Media Audio" = C-Media 3D Audio
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"StrongDC++" = StrongDC++ 2.40
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-884357618-1417001333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.5.2010 11:53:42 | Computer Name = SROTIK | Source = JavaQuickStarterService | ID = 1
Description =

Error - 25.5.2010 11:58:16 | Computer Name = SROTIK | Source = JavaQuickStarterService | ID = 1
Description =

Error - 25.5.2010 11:59:22 | Computer Name = SROTIK | Source = MsiInstaller | ID = 11500
Description = Product: ESET NOD32 Antivirus -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 25.5.2010 12:02:17 | Computer Name = SROTIK | Source = JavaQuickStarterService | ID = 1
Description =

Error - 25.5.2010 12:24:40 | Computer Name = SROTIK | Source = JavaQuickStarterService | ID = 1
Description =

Error - 25.5.2010 12:49:26 | Computer Name = SROTIK | Source = JavaQuickStarterService | ID = 1
Description =

Error - 25.5.2010 14:34:14 | Computer Name = SROTIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mbam.exe, verze 1.46.0.1, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.5.2010 15:35:00 | Computer Name = SROTIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.5.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.5.2010 15:50:40 | Computer Name = SROTIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.5.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.5.2010 15:52:00 | Computer Name = SROTIK | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 13.5.2010 14:38:03 | Computer Name = SROTIK | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 13.5.2010 14:38:03 | Computer Name = SROTIK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC80.MFCLOC se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 13.5.2010 14:38:03 | Computer Name = SROTIK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 13.5.2010 14:38:03 | Computer Name = SROTIK | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 13.5.2010 14:38:03 | Computer Name = SROTIK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC80.MFCLOC se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 13.5.2010 14:38:03 | Computer Name = SROTIK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 16.5.2010 17:58:06 | Computer Name = SROTIK | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 16.5.2010 17:58:06 | Computer Name = SROTIK | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC80.MFCLOC se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 16.5.2010 17:58:06 | Computer Name = SROTIK | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 16.5.2010 17:58:06 | Computer Name = SROTIK | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC80.MFCLOC nebyla nalezena a
poslední chyba byla Sestavení určené odkazem není v systému nainstalováno. .

< End of report >

#8 Příspěvek od **motji** » 26 kvě 2010 06:21

Ještě log z názvel OTL.txt by se tam nenašel?

no_-_name · #9 Příspěvek od **no_-_name** » 26 kvě 2010 07:54

to je ten první v mém předchozím příspěvku, hned za ním je extras. Udělám tam nějakou větší mezeru

#10 Příspěvek od **motji** » 26 kvě 2010 10:21

TAk to se omlouvám, se mi to všechno slilo v jedno

, čekala jsem delší log, ale asi jste ho nakonec spouštěl bez skriptu,že?
Zazálohujte si důležité soubory a použijeme combofix.Máte v případě potřeby inst. cd na opravu? Ale pokusíme se to zvládnout bez něj

Stáhněte na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-klikněte na něj pravým tlačítkem a přejmenujte ho na cokoliv.com

Jděte na tuto internetovou stránku: http://support.microsoft.com/kb/310994
- Dole na stránce klikněte na odkaz ke stažení instalátoru Konzole pro zotavení, který odpovídá typu (Windows XP Home/Professional) a verzi (bez Service Packu / Service Pack 1 / Service Pack 2) vašeho operačního systému.(verze pro sp2 platí i pro Váš sp3)
- Instalátor stáhněte do stejného umístění, kde máte uložený ComboFix.

Obrázek

Uchopte myší stažený instalátor a přetáhněte ho nad ComboFix.

Obrázek

- Postupujte podle pokynů na obrazovce a potvrďte licenční podmínky pro zahájení instalace konzole.
- Při další výzvě klikněte na tlačítko Yes a ComboFix dodatečně proskenuje váš počítač.
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah zde

no_-_name · #11 Příspěvek od **no_-_name** » 26 kvě 2010 11:51

ComboFix 10-05-25.05 - Lúca 26.05.2010 12:43:50.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.299 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lúca\Plocha\blabla.exe
Použité ovládací přepínače :: c:\documents and settings\Lúca\Plocha\WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\qiPSearchbar.dll
c:\windows\system32\1029u.exe
c:\windows\system32\1963830916.dat
c:\windows\system32\Cache
c:\windows\system32\zh9qide.log

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAMSSWEBCLIENT
-------\Service_SamSsWebClient

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-26 do 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-25 19:26 . 2010-05-25 19:26 -------- d-----w- c:\program files\CCleaner
2010-05-25 16:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 16:38 . 2010-05-25 16:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 16:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 16:27 . 2010-05-25 16:27 -------- d-----w- c:\program files\trend micro
2010-05-24 21:22 . 2010-05-24 21:22 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-24 18:37 . 2010-05-24 18:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-24 18:17 . 2010-05-24 18:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-24 18:16 . 2010-05-24 18:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-24 18:14 . 2010-05-24 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-16 22:18 . 2010-05-24 18:05 -------- d-----w- c:\program files\SnadBoy's Revelation v2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 18:21 . 2010-03-16 08:11 -------- d-----w- c:\program files\ESET
2010-05-24 18:13 . 2010-04-15 16:39 -------- d-----w- c:\program files\Nokia
2010-05-24 18:12 . 2010-04-15 16:59 -------- d-----w- c:\program files\Common Files\Nokia(2)
2010-05-24 18:11 . 2010-04-15 18:56 -------- d-----w- c:\program files\PC Connectivity Solution(2)
2010-05-24 18:08 . 2010-03-16 19:30 -------- d-----w- c:\program files\Opera
2010-04-15 19:02 . 2010-04-15 19:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-15 19:02 . 2010-04-15 19:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-15 17:01 . 2001-10-25 14:00 87626 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 17:01 . 2001-10-25 14:00 464256 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 16:57 . 2010-04-15 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-15 16:57 . 2010-04-15 16:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-31 13:38 . 2010-03-17 17:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-18 12:12 . 2010-03-18 12:12 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-17 17:34 . 2010-03-17 17:34 16282912 ----a-w- c:\program files\icq65cz.exe
2010-03-17 17:25 . 1999-01-02 01:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-17 17:25 . 1999-01-02 01:47 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-17 17:24 . 1999-01-02 01:47 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 19:52 . 2010-03-16 19:52 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-16 07:52 . 2010-03-16 07:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-16 01:07 . 2010-03-16 01:07 0 ----a-w- c:\windows\nsreg.dat
2010-03-14 18:00 . 2010-03-16 19:29 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-10 06:17 . 2008-04-14 06:52 420352 ----a-w- c:\windows\system32\vbscript.dll
.

------- Sigcheck -------

[-] 2010-05-24 17:58 . 09925C49086F2785C061418F7FCA406F . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys

c:\windows\System32\drivers\ndis.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=

S0 hxkxfh;hxkxfh; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2010 21:52 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.qip.ru/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 12:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ae,be,65,64,cf,b5,40,b0,f9,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ae,be,65,64,cf,b5,40,b0,f9,f0,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(272)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Celkový čas: 2010-05-26 12:49:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-26 10:49

Před spuštěním: Volných bajtů: 39 702 491 136
Po spuštění: Volných bajtů: 45 621 972 992

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 16EE62CA84E755CB4771C3FE15238052

#12 Příspěvek od **motji** » 26 kvě 2010 12:38

Z přílohy stahněte soubor v raru, rozbalte ho a uložte přímo na disk C, tak aby cesta k němu byla c:\ndis.sys
Pokud by Vám soubor nešel na plochu nakopírovat, někdy to vir blokuje, napište

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

FCOPY::
c:\ndis.sys | c:\windows\System32\drivers\ndis.sys 
c:\ndis.sys | c:\windows\system32\dllcache\ndis.sys

Driver::
hxkxfh

Extra::

DDS::
uStart Page = hxxp://start.qip.ru/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\documents and settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

no_-_name · #13 Příspěvek od **no_-_name** » 31 kvě 2010 14:41

log co vylezl z combofixu po předcházející akci

ComboFix 10-05-25.05 - Lúca 31.05.2010 15:31:00.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.293 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lúca\Plocha\blabla.exe
Použité ovládací přepínače :: c:\documents and settings\Lúca\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\ndis.sys --> c:\windows\System32\drivers\ndis.sys
c:\ndis.sys --> c:\windows\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HXKXFH
-------\Service_hxkxfh

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-28 do 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 13:30 . 2009-08-17 14:26 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-05-31 13:30 . 2009-08-17 14:26 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-31 13:26 . 2009-08-17 14:26 182656 ------w- C:\ndis.sys
2010-05-31 13:25 . 2010-05-31 13:29 -------- d-----w- C:\aaa
2010-05-25 19:26 . 2010-05-25 19:26 -------- d-----w- c:\program files\CCleaner
2010-05-25 16:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-25 16:38 . 2010-05-25 16:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 16:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 16:27 . 2010-05-25 16:27 -------- d-----w- c:\program files\trend micro
2010-05-24 21:22 . 2010-05-24 21:22 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-24 18:37 . 2010-05-24 18:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-24 18:17 . 2010-05-24 18:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-24 18:16 . 2010-05-24 18:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-24 18:14 . 2010-05-24 18:14 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-16 22:18 . 2010-05-24 18:05 -------- d-----w- c:\program files\SnadBoy's Revelation v2

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 18:21 . 2010-03-16 08:11 -------- d-----w- c:\program files\ESET
2010-05-24 18:13 . 2010-04-15 16:39 -------- d-----w- c:\program files\Nokia
2010-05-24 18:12 . 2010-04-15 16:59 -------- d-----w- c:\program files\Common Files\Nokia(2)
2010-05-24 18:11 . 2010-04-15 18:56 -------- d-----w- c:\program files\PC Connectivity Solution(2)
2010-05-24 18:08 . 2010-03-16 19:30 -------- d-----w- c:\program files\Opera
2010-04-15 19:02 . 2010-04-15 19:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-04-15 19:02 . 2010-04-15 19:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-04-15 17:01 . 2001-10-25 14:00 87626 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 17:01 . 2001-10-25 14:00 464256 ----a-w- c:\windows\system32\perfh005.dat
2010-04-15 16:57 . 2010-04-15 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-04-15 16:57 . 2010-04-15 16:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-18 12:12 . 2010-03-18 12:12 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-17 17:34 . 2010-03-17 17:34 16282912 ----a-w- c:\program files\icq65cz.exe
2010-03-17 17:25 . 1999-01-02 01:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-17 17:25 . 1999-01-02 01:47 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-17 17:24 . 1999-01-02 01:47 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-16 19:52 . 2010-03-16 19:52 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-16 07:52 . 2010-03-16 07:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-16 01:07 . 2010-03-16 01:07 0 ----a-w- c:\windows\nsreg.dat
2010-03-14 18:00 . 2010-03-16 19:29 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-10 06:17 . 2008-04-14 06:52 420352 ----a-w- c:\windows\system32\vbscript.dll
.

------- Sigcheck -------

[-] 2009-08-17 14:26 . 98A85863BC3774AF0B2647DDCA376FEC . 182656 . . [------] . . c:\windows\system32\dllcache\ndis.sys
[-] 2009-08-17 14:26 . 98A85863BC3774AF0B2647DDCA376FEC . 182656 . . [------] . . c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-26_10.48.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-07 11:31 . 2010-05-31 13:35 211814 c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2010 21:52 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lúca\Data aplikací\Mozilla\Firefox\Profiles\7yku9bku.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - g:\aaa\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 15:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ae,be,65,64,cf,b5,40,b0,f9,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ae,be,65,64,cf,b5,40,b0,f9,f0,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(272)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-31 15:37:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-31 13:37
ComboFix2.txt 2010-05-26 10:49

Před spuštěním: Volných bajtů: 45 603 811 328
Po spuštění: Volných bajtů: 45 570 895 872

- - End Of File - - AA920C7D0A449586E30CFA77DF9E459E

#14 Příspěvek od **motji** » 31 kvě 2010 17:30

Něco to tam bude znovu infikovat

, než to nahradím znovu přes avenger, zkuste udělat sken Gmerem

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
(neprovádějte, pokud nepoužíváte virtuální jednotky, tedy ani nestahujte SPTD)
-----------------------------------------------------

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.

stáhněte MBR
http://www2.gmer.net/mbr/mbr.exe
-uložte ho na plochu

start-spustit
do okénka zkopírujte

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

ok

vytvoří se log s názvem mbr.log, vložte ho zde

VIRY.CZ

Můj log z RSIT a HijackThis

Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis

Re: Můj log z RSIT a HijackThis