kontrola logu

[MimushinQa]

Dobrý deň, prosím vás o kontrolu logu: nový log z RSITU

Logfile of random's system information tool 1.07 (written by random/random)
Run by Mimka at 2010-05-22 21:10:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 24 GB (60%) free of 40 GB
Total RAM: 240 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:10:38, on 22.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mimka\Local Settings\Data aplikací\Skype\Phone\Skype.exe
C:\Documents and Settings\Mimka\Local Settings\Data aplikací\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mimka\Dokumenty\Stažené soubory\RSIT(3).exe
C:\Program Files\trend micro\Mimka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program

Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program

Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP

UT\"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program

Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common

Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave

11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3;

.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR

3.5.30729; AskTB5.4)" -"http://data3.superhry.cz/HST_40e1f9z/cz/def/577.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BOOKcase 4.0.lnk = C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program

Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and

Settings\Mimka\Plocha\MimushinQa\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and

Settings\Mimka\Plocha\MimushinQa\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) -

http://192.168.7.73:8088/VatDec.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -

http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://www.grab.com//media/6512bd/games ... der_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\DOCUME~1\Mimka\LOCALS~1\DATAAP~1\Skype\Shared\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí -

{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common

Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program

Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 8562 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Mimka.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07

1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

[2010-02-04 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

[2010-01-03 1019128]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google

Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program

Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11

40048]
""= []
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-03-07 36864]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-04-30

1326040]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-04-30

905112]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-30

136472]
"ServiceLayer"=C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe [2002-05-23 69632]
"DataLayer"=C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe []
"Nokia Tray Application"=C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe [2002-09-11 401408]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-27 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update

-1151601 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3; .NET CLR 1.1.4322; .NET CLR

2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)

-http://data3.superhry.cz/HST_40e1f9z/cz/def/577.html []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
BOOKcase 4.0.lnk - C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Documents and Settings\Mimka\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standar

dprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Need For Speed III\nfs3.exe"="D:\Need For Speed III\nfs3.exe:*:Disabled:Need For Speed III for Win32"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For

Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Mimka\Plocha\MimushinQa\ICQ6.5\ICQ.exe"="C:\Documents and

Settings\Mimka\Plocha\MimushinQa\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"
"C:\Documents and Settings\Mimka\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and

Settings\Mimka\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Mimka\Local Settings\Data

aplikací\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Documents and Settings\Mimka\Local Settings\Data

aplikací\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domain

profile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network

Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Mimka\Plocha\MimushinQa\ICQ6.5\ICQ.exe"="C:\Documents and

Settings\Mimka\Plocha\MimushinQa\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##pcvchlieviku#f]
shell\AutoRun\command - Z:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4940a95-4a10

-11df-b55d-00e0182e18ea}]
shell\AutoRun\command - F:\USBAutoRun.exe


======List of files/folders created in the last 1 months======

2010-05-22 20:49:25 ----D---- C:\Documents and Settings\Mimka\Data aplikací\vlc
2010-05-22 19:22:18 ----D---- C:\Program Files\trend micro
2010-05-22 19:21:52 ----D---- C:\rsit
2010-05-12 21:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-09 19:43:53 ----D---- C:\Documents and Settings\Mimka\Data aplikací\PhotoFiltre Studio X
2010-04-29 10:34:49 ----D---- C:\Program Files\Common Files\Imagine
2010-04-29 08:47:32 ----SHD---- C:\WINDOWS\ftpcache
2010-04-29 08:46:41 ----D---- C:\Program Files\Electrotank
2010-04-28 16:29:59 ----D---- C:\Documents and Settings\Mimka\Data aplikací\Facebook

======List of files/folders modified in the last 1 months======

2010-05-22 20:55:43 ----D---- C:\Documents and Settings\Mimka\Data aplikací\Skype
2010-05-22 20:19:22 ----D---- C:\WINDOWS\Temp
2010-05-22 20:18:10 ----D---- C:\WINDOWS\system32
2010-05-22 19:22:18 ----D---- C:\Program Files
2010-05-22 12:53:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-22 08:19:15 ----D---- C:\Documents and Settings\Mimka\Data aplikací\skypePM
2010-05-22 08:18:29 ----D---- C:\WINDOWS\Prefetch
2010-05-20 19:17:12 ----A---- C:\WINDOWS\wincmd.ini
2010-05-18 20:37:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-18 20:30:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-15 15:33:06 ----RSD---- C:\WINDOWS\Fonts
2010-05-13 14:13:15 ----D---- C:\WINDOWS
2010-05-12 21:48:29 ----HD---- C:\WINDOWS\inf
2010-05-12 21:48:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 21:48:22 ----D---- C:\Program Files\Outlook Express
2010-05-12 17:42:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-09 19:43:59 ----D---- C:\Documents and Settings\Mimka\Data aplikací\Identities
2010-05-04 17:21:46 ----D---- C:\Program Files\Mozilla Firefox
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-29 10:34:49 ----D---- C:\Program Files\Common Files
2010-04-25 08:28:44 ----D---- C:\Program Files\LG PC Suite II
2010-04-25 08:28:23 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-17 46336]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-10-03 43424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys

[2004-08-04 14080]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SiS300i;SiS300i; C:\WINDOWS\system32\DRIVERS\sis300ip.sys [2001-08-17 101760]
R3 SiS7018;Služba pro ovladač vzorků AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys

[2001-08-17 297728]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04

32768]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys

[2001-10-24 6784]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-17

57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;

C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-17 17024]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17

14848]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11

55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys

[2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;

C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers;

C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;

C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

[2004-08-03 22016]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

[2008-11-11 13056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys

[2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11

19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11

24832]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;

C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,

4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common

Files\Acronis\Schedule2\schedul2.exe [2008-04-30 431384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common

Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-30 492896]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;

C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-04

135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-04 1029456]
S3 aspnet_state;Stavová služba ASP.NET;

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe [2009-09-27 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media

Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[franticek]

Na logu se již pracuje.

[franticek]

Než začneme chtěl bych doporučit
1. odinstalovat nepotřebné věci jako:
- askbar
- google toolbar
- icq toolbar

2. Stáhněte na plochu UsbFix
- připojte všechny externí disky a flashdisky
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

3. doporučuji doinstalovat XP service pack 3

[MimushinQa]

Ďakujem za rýchlu odpoveď a aj za pomoc Stiahla som si ten program UsbFix a urobilo to nejaku kontrolu. Odinstalovala som google toolbar a icq toolbar. A tu je log, ktoŕy mi potom vyskočil:

############################## | UsbFix V6.114 |

User : Mimka (Users) # NB-ASUS
Update on 17/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:25:26 | 24.5.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Procesor Intel Celeron
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 39,08 Go (23,22 Go free) # NTFS
D:\ -> Místní pevný disk # 72,71 Go (55,74 Go free) [DATA] # NTFS
E:\ -> Disk CD-ROM # 4,38 Go (0 Mo free) [Disk] # CDFS

################## | Files # Infected Folders |

Deleted ! C:\DOCUME~1\Mimka\LOCALS~1\Temp\Setup.exe
Deleted ! C:\Recycler\S-1-5-21-927220738-2277459969-45988955-1004
Deleted ! C:\Recycler\S-1-5-21-927220738-2277459969-45988955-1006
Deleted ! C:\Recycler\S-1-5-21-927220738-2277459969-45988955-1007
Deleted ! C:\Recycler\S-1-5-21-927220738-2277459969-45988955-1008
Deleted ! D:\sys
Deleted ! D:\Recycler\S-1-5-21-927220738-2277459969-45988955-1004
Deleted ! D:\Recycler\S-1-5-21-927220738-2277459969-45988955-1006
Deleted ! D:\Recycler\S-1-5-21-927220738-2277459969-45988955-1007
Deleted ! D:\Recycler\S-1-5-21-927220738-2277459969-45988955-1008

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\##pcvchlieviku#f\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{c4940a95-4a10-11df-b55d-00e0182e18ea}\Shell\AutoRun\Command

################## | Listing of the present files |

[24.05.2010 19:24|--a------|84444] C:\aaw7boot.log
[24.06.2007 16:07|--a------|0] C:\AUTOEXEC.BAT
[24.06.2007 16:29|--ahs----|211] C:\boot.ini
[25.10.2001 14:00|--ahs----|4952] C:\Bootfont.bin
[21.08.2007 13:22|--a------|44195] C:\can17.txt
[24.06.2007 16:07|--a------|0] C:\CONFIG.SYS
[03.01.2008 20:19|--a------|178] C:\fwdownload.log
[?|?|?] C:\hiberfil.sys
[31.07.2009 21:45|--a------|25842] C:\igdlog.txt
[24.06.2007 16:07|--ahs----|0] C:\IO.SYS
[19.06.2009 14:50|--a------|7604] C:\kelvin_log2.txt
[24.06.2007 16:07|--ahs----|0] C:\MSDOS.SYS
[03.08.2004 22:38|--ahs----|47564] C:\NTDETECT.COM
[03.08.2004 22:59|--ahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[09.01.2010 19:33|--a------|0] C:\qwerqwer
[24.05.2010 19:43|--a------|2392] C:\UsbFix.txt
[01.01.1998 04:02|--a------|88244] C:\x2.wav

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_NB-ASUS.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.114 ! |

[franticek]

USBfix něco vyčistil.
Stahněte si ComboFix
( http://download.bleepingcomputer.com/sUBs/ComboFix.exe ,
http://www.forospyware.com/sUBs/ComboFix.exe ) na plochu,
- ukoncete vsechna aktivni okna, vypnete rezidentni programy(antiviry atd.) a spuste ho pod uctem administratora.
- potvrdte licencni podminky - klik na "Ano", pripadne dalsi vyzvy programu.
- v pripade problemu si zapiste informace proc se ukoncil nebo co mu brani v provozu (sdelte radci)
- nechte stahnout i nainstalovat recovery konzolu (velmi doporucuji)
- behem skenu neklikejte do zobrazeneho okna, je mozne ze CF restartuje PC.
- sken by mel trvat max. 20 minut. Pokud ani do uvedene doby nedojde k jeho ukonceni, ukoncite ho, kdy uvedeny problem nahlaste radci.
- po ukonceni se otevre log (textovy soubor) - pokud se tak nestane lze log najit C:\ComboFix.txt - cely obsah logu zkopirujte do sveho prispevku.

[MimushinQa]

Dobrý deň. Ďakujem znovu za skoru odpoveď. Stiahla som si ten program a vyčistil: Tu je log:
ComboFix 10-05-24.07 - Mimka 25.05.2010 15:13:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.240.97 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mimka\Dokumenty\Stažené soubory\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-25 do 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-24 17:43 . 2010-05-24 17:43 6706435 ----a-w- C:\UsbFix_Upload_Me_NB-ASUS.zip
2010-05-24 17:21 . 2010-05-24 17:43 -------- d-----w- C:\UsbFix
2010-05-22 17:22 . 2010-05-22 19:10 -------- d-----w- c:\program files\trend micro
2010-05-22 17:21 . 2010-05-22 17:27 -------- d-----w- C:\rsit
2010-04-29 08:34 . 2010-04-29 08:34 -------- d-----w- c:\program files\Common Files\Imagine
2010-04-29 06:47 . 2010-04-29 06:47 -------- d-sh--w- c:\windows\ftpcache
2010-04-29 06:46 . 2010-04-29 06:46 -------- d-----w- c:\program files\Electrotank

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 12:14 . 2010-01-31 07:14 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-05-25 12:14 . 2010-01-31 07:14 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-05-24 17:51 . 2007-06-29 16:45 -------- d-----w- c:\program files\Google
2010-05-20 17:08 . 2009-03-07 14:33 1956 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-18 18:30 . 2009-01-09 14:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-25 06:28 . 2010-04-17 10:44 -------- d-----w- c:\program files\LG PC Suite II
2010-04-17 11:10 . 2010-04-17 10:46 -------- d-----w- c:\program files\LG Electronics
2010-04-17 10:46 . 2007-06-24 17:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 10:46 . 2007-06-24 17:21 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-29 18:05 . 2007-06-24 15:42 481144 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 18:05 . 2007-06-24 15:42 106654 ----a-w- c:\windows\system32\perfc005.dat
2010-03-11 12:36 . 2007-06-24 15:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2007-06-24 15:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2007-06-24 15:41 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2007-06-24 15:42 430080 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-03-07 36864]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-30 1326040]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-30 905112]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-30 136472]
"Nokia Tray Application"="c:\program files\Common Files\Nokia\NCLTools\NclTray.exe" [2002-09-11 401408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\•uboslava\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

c:\documents and settings\Mimka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BOOKcase 4.0.lnk - c:\program files\TEXTware\BOOKcase40\BC40CASE.exe [2007-6-30 426028]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Mimka\\Plocha\\MimushinQa\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Mimka\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Documents and Settings\\Ľuboslava\\Local Settings\\Data aplikací\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Documents and Settings\\Mimka\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8.2.2009 9:12 64160]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2010 11:34 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 16:49 1029456]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:02]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:34]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:34]

2010-05-18 c:\windows\Tasks\Norton Security Scan for Mimka.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-20 22:04]

2010-05-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://192.168.7.73:8088/VatDec.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Mimka\Data aplikací\Mozilla\Firefox\Profiles\ja4fazmw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImagine.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe
HKLM-Run-DataLayer - c:\program files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe
AddRemove-dsb - c:\documents and settings\Mimka\Plocha\Hry\dsb\uninst.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-KnowAll - c:\documents and settings\Mimka\Plocha\Hry\KnowAll\uninst.exe
AddRemove-PhotoFiltre - c:\documents and settings\Mimka\Plocha\Maľovanie\PhotoFiltre\Uninst.exe
AddRemove-Člověče nezlob se_is1 - c:\documents and settings\Mimka\Plocha\MimushinQa\CNS\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 15:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2010-05-25 15:44:32
ComboFix-quarantined-files.txt 2010-05-25 13:44

Před spuštěním: Volných bajtů: 25 117 986 816
Po spuštění: Volných bajtů: 26 524 663 808

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 75D2E998861D65C986471F702644C0FB

[franticek]

Log vypadá čistý až na ask.bar.

Stáhněte OtMoveIt3 a spusťte s tímto skriptem:

Kód: Vybrat vše

:Processes
explorer.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-  
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

:Files
c:\program files\Ask.com /s
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

:Commands
[emptytemp]
[start explorer]

Log vložte zde.
Poprosím ještě o nový RSIT.

[MimushinQa]

Lenze ked ja ten priram spustima dam tam ten skript, tak sa mi cely PC zasekne. Prosím pomôžte mi.

[franticek]

Zdravím.

Zkuste dát znovu log z RSIT.
Díky.