Antivirus 2010
Posted: 11 Dec 2010 17:57
My sister was on the computer and out of nowhere this "antivirus" popped up on her. In my opinion it is not an antivirus and it is some virus again, so I am asking for help.
LOG RSIT: Logfile of random's system information tool 1.08 (written by random/random)
Run by Michal at 2010-12-11 17:53:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (26%) free of 38 GB
Total RAM: 255 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:45:26, on 19.11.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Michal\Data aplikací\hotfix.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre-07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Documents and Settings\Michal\Data aplikací\Microsoft-5858-2574\winsvcrn.exe
C:\Program Files\OvisLink WL-5480USB WLAN USB\WlanUtil.exe
C:\Program Files\TuneUp Utilities 2009\OneClick.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\Ohixyb.exe
C:\Documents and Settings\Michal\Plocha\RSIT.exe
C:\Program Files\trend micro\Michal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched,] C:\Program Files\Java\jre-07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MicrosoftMSDUpdateService] C:\Documents and Settings\Michal\Data aplikací\Microsoft-5858-2574\winsvcrn.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [HJRUDZ5DT2] C:\DOCUME~1\Michal\LOCALS~1\Temp\Onl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OvisLink WL-5480USB WLAN USB Utility.lnk = C:\Program Files\OvisLink WL-5480USB WLAN USB\WlanUtil.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQTOOLBAR\TBUE2B3\TBU63A0\TBUC4\TBUD253\TBU2015\TBU92B5\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (file missing) (HKCU)
O16 - DPF: Win32 Classes -
O16 - DPF: {BD0D1F18-5561-11DC-A0D9-692F56D89593} - http://www.my-new.net-home-page.php-got ... e/2026.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.trafficredlight.net/10637-69.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\PROGRA~1\ALWILS~1\Avast4\ashMaiSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: Security - C:\WINDOWS\desktop.html
--
End of file - 6606 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-07-15 4112384]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-07-15 81920]
"SunJavaUpdateSched8"=C:\Program Files\Java\jre-08\bin\jusched.exe [2010-11-23 64512]
"SunJavaUpdateSched,"=C:\Program Files\Java\jre-07\bin\jusched.exe [2010-11-24 64000]
"bfwdrv"=C:\DOCUME~1\Michal\LOCALS~1\Temp\0713228.exe [2010-12-11 192512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MicrosoftMSDUpdateService"=C:\Documents and Settings\Michal\Data aplikací\Microsoft-5858-2574\winsvcrn.exe [2010-11-09 584731]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-11-04 133432]
"HJRUDZ5DT2"=C:\DOCUME~1\Michal\LOCALS~1\Temp\On0.exe [2010-11-21 217088]
"C8H1KKCTZV"=C:\WINDOWS\Ohixye.exe [2010-11-21 208896]
"MSNServices2011"=C:\Documents and Settings\Michal\crssnrs.exe [2010-11-21 57856]
"NIBIOM"=C:\Documents and Settings\Michal\Data aplikací\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe [2010-11-22 114688]
"WindowsLiveUpdateServices"=C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-2568-6479-5400\winrsnmgr.exe [2010-11-27 57344]
"UAYQDZP39B"=C:\WINDOWS\Ohixyw.exe [2010-11-28 188928]
"CFDUpdateService"=C:\Documents and Settings\Michal\Data aplikací\Nvidia-857865\wincdrv32n.exe [2010-12-01 143500]
"MSDNUpdateService"=C:\Documents and Settings\Michal\Data aplikací\MSDNServices35\windrvsn32.exe [2010-12-04 106500]
"WindowsLiveUpdateService"=C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-8758-8428-8530\winrnsmgr.exe [2010-12-06 56320]
"MSConfig"=C:\Documents and Settings\Michal\slswmh.exe [2010-12-11 19968]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
OvisLink WL-5480USB WLAN USB Utility.lnk - C:\Program Files\OvisLink WL-5480USB WLAN USB\WlanUtil.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cfi47.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\exnxzcui.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Cfi47.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\exnxzcui.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"EditLevel"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Disabled:vietcong"
"C:\Program Files\Vietcong\vcded.exe"="C:\Program Files\Vietcong\vcded.exe:*:Enabled:vcded"
"C:\WINDOWS\System32\dpnsvr.exe"="C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Codemasters\OperationFlashpoint\OperationFlashpoint.exe"="C:\Program Files\Codemasters\OperationFlashpoint\OperationFlashpoint.exe:*:Disabled:Operation Flashpoint"
"C:\Documents and Settings\Michal\Plocha\Hry\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="C:\Documents and Settings\Michal\Plocha\Hry\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Michal\Data aplikací\Microsoft-5858-2574\winsvcrn.exe"="C:\Documents and Settings\Michal\Data aplikací\Microsoft-5858-2574\winsvcrn.exe:*:Enabled:MicrosoftMSDUpdateService"
"C:\Program Files\Java\jre-07\bin\jusched.exe"="C:\Program Files\Java\jre-07\bin\jusched.exe:*:Enabled:JavaUpdate,"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Michal\Data aplikací\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe"="C:\Documents and Settings\Michal\Data aplikací\Microsoft-Driver-Service-5836-2574-8888\winmsnmngr.exe:*:Enabled:NIBIOM"
"C:\Program Files\Java\jre-08\bin\jusched.exe"="C:\Program Files\Java\jre-08\bin\jusched.exe:*:Enabled:JavaUpdate8"
"C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-2568-6479-5400\winrsnmgr.exe"="C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-2568-6479-5400\winrsnmgr.exe:*:Enabled:WindowsLiveUpdateServices"
"C:\Documents and Settings\Michal\Data aplikací\Nvidia-857865\wincdrv32n.exe"="C:\Documents and Settings\Michal\Data aplikací\Nvidia-857865\wincdrv32n.exe:*:Enabled:CFDUpdateService"
"C:\Documents and Settings\Michal\VDAGDAGDJG.exe"="C:\Documents and Settings\Michal\VDAGDAGDJG.exe:*:Enabled:CFDUpdateService"
"C:\Documents and Settings\Michal\Data aplikací\MSDNServices35\windrvsn32.exe"="C:\Documents and Settings\Michal\Data aplikací\MSDNServices35\windrvsn32.exe:*:Enabled:MSDNUpdateService"
"C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-8758-8428-8530\winrnsmgr.exe"="C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-8758-8428-8530\winrnsmgr.exe:*:Enabled:WindowsLiveUpdateService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-12-11 17:25:25 ----RD---- C:\32788R22FWJFW
2010-12-11 16:57:54 ----A---- C:\WINDOWS\system32\drivers\exnxzcui.sys
2010-12-11 16:56:46 ----A---- C:\WINDOWS\system32\drivers\Cfi47.sys
2010-12-11 16:55:31 ----RSH---- C:\Documents and Settings\Michal\Data aplikací\juzjf.exe
2010-12-11 16:55:31 ----RA---- C:\Documents and Settings\Michal\Data aplikací\KhCFdmhI8H.txt
2010-12-06 20:50:53 ----A---- C:\WINDOWS\fghe.exe
2010-12-06 19:47:29 ----A---- C:\WINDOWS\Ohixyw.exe
2010-12-06 19:04:51 ----RSHD---- C:\Documents and Settings\Michal\Data aplikací\Microsoft-Update-Service-8758-8428-8530
2010-12-06 19:04:45 ----A---- C:\WINDOWS\dgd.exe
2010-12-06 18:55:11 ----A---- C:\WINDOWS\Ohixyv.exe
2010-12-05 16:21:29 ----A---- C:\WINDOWS\Ohixyu.exe
2010-12-05 10:47:15 ----A---- C:\WINDOWS\Ohixyt.exe
2010-12-04 14:29:20 ----RSHD---- C:\Documents and Settings\Michal\Data aplikací\MSDNServices35
2010-12-04 11:03:49 ----A---- C:\WINDOWS\Ohixys.exe
2010-12-01 15:20:04 ----RSHD---- C:\Documents and Settings\Michal\Data aplikací\Nvidia-857865
2010-12-01 12:55:02 ----A---- C:\WINDOWS\Ohixyr.exe
2010-12-01 08:16:59 ----A---- C:\WINDOWS\Ohixyq.exe
2010-12-01 06:56:43 ----A---- C:\WINDOWS\Ohixyp.exe
2010-12-01 00:07:23 ----A---- C:\WINDOWS\Ohixyo.exe
2010-11-30 18:59:14 ----A---- C:\WINDOWS\Ohixyn.exe
2010-11-30 17:16:51 ----A---- C:\WINDOWS\Ohixym.exe
2010-11-30 11:07:41 ----A---- C:\WINDOWS\Ohixyl.exe
2010-11-29 18:06:43 ----A---- C:\WINDOWS\Ohixyk.exe
2010-11-29 18:06:42 ----A---- C:\WINDOWS\Ohixyj.exe
2010-11-28 19:47:20 ----A---- C:\WINDOWS\Ohixyi.exe
2010-11-28 19:47:18 ----A---- C:\WINDOWS\Ohixyh.exe
2010-11-28 14:30:05 ----A---- C:\WINDOWS\Ohixyg.exe
2010-11-28 06:57:50 ----A---- C:\WINDOWS\Ohixyf.exe
2010-11-27 20:26:48 ----AH---- C:\Documents and Settings\Michal\Data aplikací\wincbdrv32.txt
2010-11-27 20:26:47 ----RSHD---- C:\Documents a