VIRY.CZ

Logfile of random's system information tool 1.08 (written by random/random)
Run by Počítač at 2011-02-12 16:33:27
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (51%) free of 76 GB
Total RAM: 447 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:33:42, on 12.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\instalacky\RSIT.exe
C:\Program Files\trend micro\Počítač.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Update Service (gupdate1ca03eb54709946) (gupdate1ca03eb54709946) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5692 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-10-17 7307264]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-10-17 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-04 90112]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-11-17 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Počítač\Plocha\Monika\laky\winbox.exe"="C:\Documents and Settings\Počítač\Plocha\Monika\laky\winbox.exe:*:Enabled:winbox"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"D:\EasySetupAssistant\EasySetupAssistant.exe"="D:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-12 16:33:27 ----D---- C:\rsit
2011-02-12 16:33:27 ----D---- C:\Program Files\trend micro
2011-02-08 19:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-02-08 19:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-02-07 20:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-02-07 20:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-02-07 20:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-02-07 20:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-02-07 20:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-02-07 20:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-02-07 20:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-02-07 20:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-02-07 20:28:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-02-07 20:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-02-07 20:26:42 ----D---- C:\WINDOWS\system32\KB905474
2011-02-07 20:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-02-07 20:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-02-07 20:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2011-02-07 20:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-02-07 20:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-02-07 20:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-02-07 20:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-02-07 20:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-02-07 20:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-02-07 20:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-02-07 20:21:02 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2011-02-07 20:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-02-07 20:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-02-07 20:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-02-07 20:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-02-07 20:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-02-07 20:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-02-07 20:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-02-07 20:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-02-07 20:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-02-07 20:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-02-07 20:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-02-07 20:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-02-07 20:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-02-07 20:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-02-07 20:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-02-07 20:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-02-07 20:18:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-02-07 20:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-02-07 20:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-02-07 20:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-02-07 20:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-02-07 20:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-02-07 20:16:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-02-07 20:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-02-07 20:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-02-07 20:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-02-07 20:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-02-07 20:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-02-07 20:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-02-07 20:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-02-07 20:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2011-02-07 20:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-02-07 20:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-02-07 20:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-02-07 20:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-02-07 18:48:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-02-05 12:29:25 ----A---- C:\WINDOWS\system32\muweb.dll
2011-02-05 12:29:25 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2011-02-05 12:29:25 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-02-05 12:26:59 ----A---- C:\WINDOWS\system32\javaws.exe
2011-02-05 12:26:59 ----A---- C:\WINDOWS\system32\javaw.exe
2011-02-05 12:26:59 ----A---- C:\WINDOWS\system32\java.exe
2011-02-05 12:26:59 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-02-05 12:19:15 ----D---- C:\instalacky
2011-02-05 12:12:02 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2011-02-12 16:33:32 ----D---- C:\WINDOWS\Prefetch
2011-02-12 16:33:27 ----RD---- C:\Program Files
2011-02-12 16:30:21 ----D---- C:\WINDOWS\system32\drivers
2011-02-12 16:29:26 ----D---- C:\WINDOWS\Temp
2011-02-12 13:14:18 ----D---- C:\WINDOWS
2011-02-12 13:14:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-02-12 13:14:12 ----SHD---- C:\WINDOWS\Installer
2011-02-12 13:13:31 ----RD---- C:\Program Files\Skype
2011-02-12 13:11:52 ----HD---- C:\WINDOWS\inf
2011-02-12 13:11:52 ----D---- C:\Program Files\GTRAN
2011-02-12 13:11:51 ----D---- C:\WINDOWS\system32
2011-02-12 13:07:10 ----D---- C:\Program Files\Google
2011-02-12 12:47:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-09 19:02:31 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-09 19:02:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-02-09 15:37:56 ----D---- C:\Temp
2011-02-09 15:37:56 ----A---- C:\WINDOWS\lexstat.ini
2011-02-09 13:39:37 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-02-09 13:25:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-08 19:27:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-08 19:27:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-08 19:22:43 ----A---- C:\WINDOWS\imsins.BAK
2011-02-08 19:19:17 ----D---- C:\ekonom.win
2011-02-08 17:06:19 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-08 10:02:53 ----RSD---- C:\WINDOWS\Fonts
2011-02-08 10:02:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-02-08 10:02:14 ----D---- C:\WINDOWS\WinSxS
2011-02-08 10:02:13 ----D---- C:\Program Files\Microsoft Works
2011-02-08 10:00:49 ----D---- C:\Program Files\Common Files\System
2011-02-08 10:00:49 ----A---- C:\WINDOWS\win.ini
2011-02-08 08:46:55 ----D---- C:\WINDOWS\system32\wbem
2011-02-08 08:46:55 ----D---- C:\WINDOWS\system32\Setup
2011-02-08 08:46:55 ----D---- C:\WINDOWS\AppPatch
2011-02-07 20:26:44 ----SD---- C:\WINDOWS\Tasks
2011-02-07 20:20:32 ----D---- C:\Program Files\Movie Maker
2011-02-07 20:17:24 ----D---- C:\Program Files\Outlook Express
2011-02-07 20:15:39 ----D---- C:\WINDOWS\system32\cs-cz
2011-02-07 20:15:39 ----D---- C:\Program Files\Internet Explorer
2011-02-07 18:42:14 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-02-07 18:42:14 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-05 12:29:24 ----D---- C:\WINDOWS\Help
2011-02-05 12:28:11 ----D---- C:\Program Files\ESET
2011-02-05 12:26:55 ----D---- C:\Program Files\Java
2011-02-05 12:17:31 ----RASH---- C:\boot.ini
2011-02-05 12:17:31 ----A---- C:\WINDOWS\system.ini
2011-01-23 18:28:49 ----D---- C:\Documents and Settings\Počítač\Data aplikací\AdobeUM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [2005-08-12 98432]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-04 61056]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-29 5632]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-04 3797632]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-10-17 3530880]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\WINDOWS\System32\DRIVERS\gtusbmdm_gpc6400.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-04-05 391099]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-10-17 131139]
S2 gupdate1ca03eb54709946;Google Update Service (gupdate1ca03eb54709946); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

ComboFix 11-02-11.02 - Počítač 12.02.2011 19:10:25.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.21 [GMT 1:00]
Spuštěný z: c:\documents and settings\Počítač\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\VM305Cap.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-12 do 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 15:33 . 2011-02-12 15:33 -------- d-----w- C:\rsit
2011-02-12 15:33 . 2011-02-12 15:33 -------- d-----w- c:\program files\trend micro
2011-02-07 19:26 . 2011-02-07 19:26 -------- d-----w- c:\windows\system32\KB905474
2011-02-07 19:21 . 2011-02-07 19:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-02-07 18:02 . 2008-04-21 21:28 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-02-07 18:00 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-07 17:59 . 2010-06-14 14:30 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-07 17:56 . 2005-07-26 04:42 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2011-02-07 17:56 . 2009-03-06 14:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-02-07 17:56 . 2009-02-09 10:22 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-02-07 17:56 . 2009-02-09 10:22 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-02-07 17:56 . 2009-02-09 10:11 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-02-07 17:56 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-02-07 17:56 . 2009-02-09 10:22 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-02-07 17:56 . 2009-02-09 10:22 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-02-07 17:56 . 2009-02-09 10:22 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-02-07 17:55 . 2009-06-21 22:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-02-07 17:55 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-02-07 17:48 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-07 17:45 . 2009-06-05 07:46 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2011-02-05 11:29 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-05 11:29 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-02-05 11:26 . 2010-11-12 17:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-05 11:26 . 2010-11-12 17:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-05 11:19 . 2011-02-12 15:40 -------- d-----w- C:\instalacky

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-10-17 7307264]
"nwiz"="nwiz.exe" [2005-10-17 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-10-17 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 90112]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 21:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-11-24 14:38 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2005-08-05 07:15 61440 ----a-r- c:\windows\VM305_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-11-17 13:51 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Počítač\\Plocha\\Monika\\laky\\winbox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 gupdate1ca03eb54709946;Google Update Service (gupdate1ca03eb54709946);c:\program files\Google\Update\GoogleUpdate.exe [13.7.2009 19:54 133104]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys --> c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [9.9.2007 18:41 391099]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - PROCEXP141
.
Obsah adresáře 'Naplánované úlohy'

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-13 18:54]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-13 18:54]

2011-02-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-07 21:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Počítač\Data aplikací\Mozilla\Firefox\Profiles\zcut1wwn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2247187&SearchSource=2&q=
FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-12 19:15
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2011-02-12 19:18:11
ComboFix-quarantined-files.txt 2011-02-12 18:17

Před spuštěním: Volných bajtů: 40 495 280 128
Po spuštění: Volných bajtů: 40 779 759 616

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 9EEB4B6404E28208DFC6BED938B8E830