RSIT - log, smzano vsechno z profilu uzivatele win XP

[KEnik]

Zdravím,
mám podezření na smazání a znovu vytvoření profilu nebo řádění vira
Pc ma XP SP2
asi 5 uživatelů. Jeden uživatel "Mira" - administrator
zničeho nic přišel o všechny soubory na ploše, v dokumentech, prazdny koš atd.
PC měl 10MB volneho místa když jsme k němu přišel. Tak jsme odinstaloval nejaky SW a je to lepší.
(z toho duvodu asi ani nevidim ztracené dokumenty jako smazané - programem na obnovu smazaných souborů)

Když uživateli nastavim zobrazení ikon jako PC, dokumenty (klasicka nabidka start) tak po restartu musim udelat znovu.
Zástupci instalovaných programu ale po restartu nezmizí

IE8 chce potvrdit sputsu veci( asi prvni spusteni) ale nakonec se zasekne , FF a Chrome bezi.

V dokumentech byly smlouvy a dalsi dulezite dokumenty a na plose fotky z dovolene.
Jeste zkusim prohledat ostatni uzivatele zda jen nekdo nemixoval s ucty.
Koukněte prosím na log a dejte vědět. Díky moc!

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)

Run by Míra at 2010-11-01 19:28:40

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 959 MB (6%) free of 15 GB

Total RAM: 511 MB (20% free)



HijackThis download failed



======Scheduled tasks folder======



C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{CCDB7941-2C87-4591-A2C2-AD50AE7CCA74}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{FB0A6EF5-98FE-4E5A-9203-600928CCCC85}.job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [2010-07-24 54704]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]

mwsBar BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2010-07-24 775696]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-09-17 1615200]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-09-27 2118984]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}]

NavHelper Class - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll []



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2010-07-24 775696]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-09-27 2118984]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]

"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-29 53248]

"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-29 118784]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]

"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2003-07-01 1130546]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-20 282624]

"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2010-07-24 32849]

"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [2010-07-24 28783]

"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-09-17 2065248]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12 86016]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-09-13 12464]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\TrackMania Nations ESWC\TmNationsESWC.exe"="F:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\Program Files\ABC\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe"="C:\Program Files\ABC\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe:*:Enabled:skijumping"

"C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"

"C:\Documents and Settings\maky\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\maky\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "

"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"

"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

"C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"

"C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"

"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"



======File associations======



.scr - open - "%1" /S "%3"



======List of files/folders created in the last 1 months======



2010-11-01 19:28:41 ----D---- C:\Program Files\trend micro

2010-11-01 19:28:40 ----D---- C:\rsit

2010-11-01 19:28:18 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Mozilla

2010-11-01 19:28:04 ----D---- C:\Program Files\Mozilla Firefox

2010-11-01 19:26:46 ----D---- C:\WINDOWS\LastGood

2010-11-01 19:12:23 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Adobe

2010-11-01 19:06:42 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Google

2010-11-01 18:50:21 ----A---- C:\WINDOWS\system32\MRT.exe

2010-11-01 18:49:21 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Microsoft

2010-10-29 07:36:04 ----D---- C:\Hudba

2010-10-10 12:22:38 ----D---- C:\Program Files\Common Files\Skype

2010-10-10 12:22:35 ----RD---- C:\Program Files\Skype



======List of files/folders modified in the last 1 months======



2010-11-01 19:28:41 ----RD---- C:\Program Files

2010-11-01 19:28:22 ----D---- C:\WINDOWS

2010-11-01 19:28:20 ----D---- C:\WINDOWS\Prefetch

2010-11-01 19:27:54 ----D---- C:\WINDOWS\Temp

2010-11-01 19:27:33 ----D---- C:\WINDOWS\system32\drivers

2010-11-01 19:26:28 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-01 18:50:40 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-11-01 18:50:21 ----D---- C:\WINDOWS\system32

2010-11-01 18:10:52 ----D---- C:\Documents and Settings

2010-11-01 07:05:00 ----A---- C:\WINDOWS\OEWABLog.txt

2010-10-31 17:29:09 ----HD---- C:\WINDOWS\inf

2010-10-31 17:08:57 ----D---- C:\Program Files\ICQ7.1

2010-10-31 08:07:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-10-29 10:11:00 ----SHD---- C:\WINDOWS\Installer

2010-10-22 06:56:33 ----RD---- C:\Dokumenty

2010-10-17 18:33:56 ----A---- C:\WINDOWS\cgolfvr.ini

2010-10-16 18:49:48 ----A---- C:\WINDOWS\imsins.BAK

2010-10-13 10:38:09 ----D---- C:\Program Files\Pohádkový příběh

2010-10-10 12:22:38 ----D---- C:\Program Files\Common Files

2010-10-10 12:16:16 ----D---- C:\Program Files\totalcmd

2010-10-10 12:07:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2002-09-06 13568]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]

R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]

R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]

R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-09-13 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-09-17 29584]

R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-09-17 242896]

R1 InCDPass;InCdPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-07-01 28208]

R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []

R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-08-05 13824]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 611328]

R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-08-05 104960]

R3 ltmodem5;DeskPorte 56K Internal L; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2002-09-20 607104]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2009-11-22 28256]

R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]

R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]

R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]

R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

R3 USBSTOR;Ovladač velkokapacitního paměového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-07-01 86496]

S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]

S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-09-12 376832]

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-09-13 916760]

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-17 308064]

R2 InCDsrv;InCD File System Service; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-07-01 770100]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-09-12 114688]

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 135664]

S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe [2010-07-24 28762]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-09-27 431432]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-20 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]



-----------------EOF-----------------

[riffman]

zdravim

nejdriv ze vseho odinstalujte MyWebSearch

restart a novy log z RSIT (nevkladejte ho do code)

[KEnik]

zdravim

nejdriv ze vseho odinstalujte MyWebSearch

restart a novy log z RSIT (nevkladejte ho do code)

Diky ya pomoc.
Novz LOg>


Logfile of random's system information tool 1.08 (written by random/random)
Run by Míra at 2010-11-02 16:49:49
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 717 MB (5%) free of 15 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:09, on 2.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\setup.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
F:\Instalačky\RSIT.exe
C:\Program Files\trend micro\Míra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-1960408961-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jana')
O4 - HKUS\S-1-5-21-1614895754-1960408961-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Terezka')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - Unknown owner - C:\Program Files\AVG\AVG9\avgemc.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe

--
End of file - 7176 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CCDB7941-2C87-4591-A2C2-AD50AE7CCA74}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FB0A6EF5-98FE-4E5A-9203-600928CCCC85}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-29 53248]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-29 118784]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]
"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2003-07-01 1130546]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-20 282624]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3 []
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.819 []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\TrackMania Nations ESWC\TmNationsESWC.exe"="F:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\ABC\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe"="C:\Program Files\ABC\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe:*:Enabled:skijumping"
"C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"
"C:\Documents and Settings\maky\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\maky\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"
"C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 months======

2010-11-02 16:38:38 ----D---- C:\Program Files\FreeCommander
2010-11-02 16:34:50 ----A---- C:\Program Files\Uninstall Fun Web Products.dll
2010-11-01 20:03:06 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Macromedia
2010-11-01 19:56:08 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Software602
2010-11-01 19:55:16 ----D---- C:\Program Files\File Scavenger 3.0
2010-11-01 19:46:23 ----D---- C:\Program Files\eSupport.com
2010-11-01 19:44:43 ----D---- C:\Program Files\CCleaner
2010-11-01 19:28:41 ----D---- C:\Program Files\trend micro
2010-11-01 19:28:40 ----D---- C:\rsit
2010-11-01 19:28:18 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Mozilla
2010-11-01 19:28:04 ----D---- C:\Program Files\Mozilla Firefox
2010-11-01 19:12:23 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Adobe
2010-11-01 19:06:42 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Google
2010-11-01 18:50:21 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-01 18:49:21 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Microsoft
2010-10-29 07:36:04 ----D---- C:\Hudba
2010-10-10 12:22:38 ----D---- C:\Program Files\Common Files\Skype
2010-10-10 12:22:35 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 months======

2010-11-02 16:50:10 ----D---- C:\WINDOWS\Temp
2010-11-02 16:50:00 ----D---- C:\WINDOWS\system32\drivers
2010-11-02 16:49:56 ----D---- C:\WINDOWS\Prefetch
2010-11-02 16:49:54 ----D---- C:\WINDOWS\system32
2010-11-02 16:48:44 ----D---- C:\Documents and Settings
2010-11-02 16:48:43 ----D---- C:\WINDOWS
2010-11-02 16:43:50 ----RD---- C:\Program Files
2010-11-02 16:34:48 ----AD---- C:\Program Files\FunWebProducts
2010-11-02 16:34:10 ----D---- C:\WINDOWS\Minidump
2010-11-02 16:34:10 ----D---- C:\WINDOWS\Debug
2010-11-01 20:08:27 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-11-01 19:45:03 ----D---- C:\Program Files\Google
2010-11-01 19:26:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-31 17:29:09 ----HD---- C:\WINDOWS\inf
2010-10-31 17:08:57 ----D---- C:\Program Files\ICQ7.1
2010-10-31 08:07:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-29 10:11:00 ----SHD---- C:\WINDOWS\Installer
2010-10-22 06:56:33 ----RD---- C:\Dokumenty
2010-10-17 18:33:56 ----A---- C:\WINDOWS\cgolfvr.ini
2010-10-13 10:38:09 ----D---- C:\Program Files\Pohádkový příběh
2010-10-10 12:22:38 ----D---- C:\Program Files\Common Files
2010-10-10 12:16:16 ----D---- C:\Program Files\totalcmd
2010-10-10 12:07:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2002-09-06 13568]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 InCDPass;InCdPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-07-01 28208]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-08-05 13824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 611328]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-08-05 104960]
R3 ltmodem5;DeskPorte 56K Internal L; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2002-09-20 607104]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2009-11-22 28256]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R4 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys []
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-07-01 86496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys []
S4 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-09-12 376832]
R2 InCDsrv;InCD File System Service; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-07-01 770100]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-09-12 114688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-20 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe []
S4 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe []

-----------------EOF-----------------

[riffman]

jste si jisty, ze to je log po restartu? vidim tam jednorazovy klic uninstallu MyWebSearch

[KEnik]

No neprovedl jsme restart kalsicky al po zaseknuti tlacitkemna case.

Logfile of random's system information tool 1.08 (written by random/random)

Run by Míra at 2010-11-04 10:31:25

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 155 MB (1%) free of 15 GB

Total RAM: 511 MB (59% free)



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:31:30, on 4.11.2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

F:\Instalaèky\RSIT.exe

C:\Program Files\trend micro\Míra.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: (no name) - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - (no file)

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Proces mezipamìti kategorií souèástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe



--

End of file - 7474 bytes



======Scheduled tasks folder======



C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{CCDB7941-2C87-4591-A2C2-AD50AE7CCA74}.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{FB0A6EF5-98FE-4E5A-9203-600928CCCC85}.job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-26 297648]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]

"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe [2003-10-29 53248]

"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2003-10-29 118784]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]

"NeroCheck"=C:\WINDOWS\System32\\NeroCheck.exe [2001-07-09 155648]

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2003-07-01 1130546]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-20 282624]

"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-05-31 63048]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12 86016]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2010-09-27 87424]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\TrackMania Nations ESWC\TmNationsESWC.exe"="F:\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\Program Files\ABC\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe"="C:\Program Files\ABC\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe:*:Enabled:skijumping"

"C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"

"C:\Documents and Settings\maky\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\maky\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "

"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"

"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

"C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\maky\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"

"C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe"="C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"

"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"



======File associations======



.scr - open - "%1" /S "%3"



======List of files/folders created in the last 1 months======



2010-11-02 18:48:23 ----D---- C:\WINDOWS\l2schemas

2010-11-02 18:48:22 ----D---- C:\WINDOWS\system32\cs

2010-11-02 18:48:22 ----D---- C:\WINDOWS\system32\bits

2010-11-02 18:42:41 ----D---- C:\WINDOWS\network diagnostic

2010-11-02 17:04:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn

2010-11-02 17:04:24 ----A---- C:\WINDOWS\system32\LMIport.dll

2010-11-02 17:04:22 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll

2010-11-02 17:04:22 ----A---- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2010-11-02 17:04:05 ----A---- C:\WINDOWS\system32\LMIinit.dll

2010-11-02 17:03:39 ----D---- C:\Program Files\LogMeIn

2010-11-02 16:56:15 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys

2010-11-02 16:56:15 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010-11-02 16:56:14 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys

2010-11-02 16:56:12 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys

2010-11-02 16:56:10 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys

2010-11-02 16:56:10 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys

2010-11-02 16:56:09 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys

2010-11-02 16:55:40 ----A---- C:\WINDOWS\system32\aswBoot.exe

2010-11-02 16:55:34 ----D---- C:\Program Files\Alwil Software

2010-11-02 16:55:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software

2010-11-02 16:38:38 ----D---- C:\Program Files\FreeCommander

2010-11-01 20:03:06 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Macromedia

2010-11-01 19:56:08 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Software602

2010-11-01 19:55:16 ----D---- C:\Program Files\File Scavenger 3.0

2010-11-01 19:46:23 ----D---- C:\Program Files\eSupport.com

2010-11-01 19:44:43 ----D---- C:\Program Files\CCleaner

2010-11-01 19:28:41 ----D---- C:\Program Files\trend micro

2010-11-01 19:28:40 ----D---- C:\rsit

2010-11-01 19:28:18 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Mozilla

2010-11-01 19:28:04 ----D---- C:\Program Files\Mozilla Firefox

2010-11-01 19:12:23 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Adobe

2010-11-01 19:06:42 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Google

2010-11-01 18:50:21 ----A---- C:\WINDOWS\system32\MRT.exe

2010-11-01 18:49:21 ----D---- C:\Documents and Settings\TEMP\Data aplikací\Microsoft

2010-10-29 07:36:04 ----D---- C:\Hudba

2010-10-10 12:22:38 ----D---- C:\Program Files\Common Files\Skype

2010-10-10 12:22:35 ----RD---- C:\Program Files\Skype



======List of files/folders modified in the last 1 months======



2010-11-04 10:31:27 ----D---- C:\WINDOWS\Temp

2010-11-04 10:26:35 ----D---- C:\WINDOWS\Prefetch

2010-11-04 10:26:34 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-03 20:18:37 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-11-02 19:06:38 ----D---- C:\WINDOWS\system32

2010-11-02 19:06:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-11-02 19:02:53 ----RD---- C:\Program Files

2010-11-02 19:02:45 ----D---- C:\WINDOWS\system32\CatRoot_bak

2010-11-02 19:02:45 ----D---- C:\WINDOWS

2010-11-02 19:02:44 ----HD---- C:\WINDOWS\inf

2010-11-02 19:02:40 ----D---- C:\WINDOWS\system32\CatRoot

2010-11-02 18:59:27 ----D---- C:\WINDOWS\system32\Setup

2010-11-02 18:48:40 ----D---- C:\WINDOWS\WinSxS

2010-11-02 18:48:37 ----D---- C:\Program Files\Messenger

2010-11-02 18:48:36 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-11-02 18:48:36 ----D---- C:\WINDOWS\system32\wbem

2010-11-02 18:48:35 ----D---- C:\WINDOWS\ime

2010-11-02 18:48:35 ----D---- C:\WINDOWS\Help

2010-11-02 18:48:35 ----D---- C:\WINDOWS\AppPatch

2010-11-02 18:48:24 ----D---- C:\WINDOWS\system32\usmt

2010-11-02 18:48:24 ----D---- C:\WINDOWS\system32\cs-CZ

2010-11-02 18:48:23 ----D---- C:\Program Files\Internet Explorer

2010-11-02 18:48:22 ----SHD---- C:\WINDOWS\Installer

2010-11-02 18:48:22 ----D---- C:\WINDOWS\peernet

2010-11-02 18:48:22 ----D---- C:\Program Files\Movie Maker

2010-11-02 18:48:02 ----D---- C:\WINDOWS\security

2010-11-02 18:44:57 ----D---- C:\WINDOWS\system32\Restore

2010-11-02 18:44:57 ----D---- C:\WINDOWS\system32\npp

2010-11-02 18:44:56 ----D---- C:\WINDOWS\msagent

2010-11-02 18:44:55 ----D---- C:\WINDOWS\srchasst

2010-11-02 18:44:52 ----D---- C:\Program Files\NetMeeting

2010-11-02 18:44:49 ----D---- C:\WINDOWS\system32\Com

2010-11-02 18:44:46 ----D---- C:\Program Files\Windows Media Player

2010-11-02 18:44:44 ----D---- C:\Program Files\Windows NT

2010-11-02 18:44:44 ----D---- C:\Program Files\Outlook Express

2010-11-02 18:44:39 ----D---- C:\Program Files\Common Files\System

2010-11-02 18:44:18 ----RSD---- C:\WINDOWS\Fonts

2010-11-02 18:44:15 ----D---- C:\WINDOWS\system32\oobe

2010-11-02 18:44:13 ----D---- C:\WINDOWS\system

2010-11-02 18:42:40 ----D---- C:\WINDOWS\system32\drivers

2010-11-02 18:41:55 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-11-02 18:41:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2010-11-02 18:38:21 ----D---- C:\WINDOWS\EHome

2010-11-02 16:53:01 ----D---- C:\Documents and Settings

2010-11-02 16:34:48 ----AD---- C:\Program Files\FunWebProducts

2010-11-02 16:34:10 ----D---- C:\WINDOWS\Minidump

2010-11-02 16:34:10 ----D---- C:\WINDOWS\Debug

2010-11-01 19:45:03 ----D---- C:\Program Files\Google

2010-10-31 17:08:57 ----D---- C:\Program Files\ICQ7.1

2010-10-22 06:56:33 ----RD---- C:\Dokumenty

2010-10-17 18:33:56 ----A---- C:\WINDOWS\cgolfvr.ini

2010-10-13 10:38:09 ----D---- C:\Program Files\Pohádkový pøíbìh

2010-10-10 12:22:38 ----D---- C:\Program Files\Common Files

2010-10-10 12:16:16 ----D---- C:\Program Files\totalcmd

2010-10-10 12:07:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [2002-09-06 13568]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys [2006-07-05 63352]

R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]

R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]

R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]

R1 AmdK7;Ovladaè procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]

R1 InCDPass;InCdPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2003-07-01 28208]

R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]

R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-08-05 13824]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 611328]

R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-08-05 104960]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]

R3 ltmodem5;DeskPorte 56K Internal L; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2002-09-20 607104]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2009-11-22 28256]

R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]

R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]

R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]

R3 usbprint;Tøída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2003-07-01 86496]

S1 kbdhid;Ovladaè klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HidUsb;Ovladaè tøídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBSTOR;Ovladaè velkokapacitního pamìového zaøízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WSTCODEC;Dálnopisný kodek svìtového standardu; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-09-12 376832]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

R2 InCDsrv;InCD File System Service; C:\Program Files\Ahead\InCD\InCDsrv.exe [2003-07-01 770100]

R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-09-27 116104]

R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-05-31 63040]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-09-12 114688]

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-20 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-20 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]



-----------------EOF-----------------

[riffman]

stahnete a ulozte na plochu ComboFix

pote spustte aplikaci pod uctem s administratorskym opravnenim (nikoli pod uctem s omezenym opravnenim)

v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano:



dale muze dojit k varovani ohledne rezidentniho stitu vaseho antiviru a upozorneni na nenainstalovanou konzoli pro zotaveni; tu zatim neinstalujte.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, deaktivujte jeho rezidentni stit, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim Combofixu s rezidentem antispyware


po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem