PC disinfection, computer speed-up, remote help via the neslape.cz service

Facebook Virus

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
A remote-help service is now available: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
pinea
Guest
Posts: 3
Registered: 19 Aug 2011 15:48

Facebook Virus

#1 Post by pinea »

Hi,

I'm yet another fool in the line with a similar problem. I clicked on a link and let it install Flash Player. Now my PC occasionally restarts, mainly when I go after the virus. Thanks for the help.

Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Koudy at 2011-08-19 16:45:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 70 GB (46%) free of 153 GB
Total RAM: 1944 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:45:44 PM, on 8/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
c:\Program Files\Encentuate\SOCIAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Zend\Apache2\bin\httpd.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Zend\Apache2\bin\httpd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Zend\ZendServer\bin\php-cgi.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
C:\Program Files\Zend\ZendServer\bin\php-cgi.exe
C:\Program Files\AT&T Network Client\NetClientSvc.exe
c:\Program Files\Encentuate\ObsService.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Zend\ZendServer\bin\JavaServer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\Drivers\ldlcserv6.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
C:\Program Files\Encentuate\AATray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Encentuate\DataProvider.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
c:\Program Files\Encentuate\Sync.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT(1).exe
C:\Program Files\trend micro\Koudy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
O2 - BHO: EnBHO - {089D765F-DF2D-42EA-8013-E9F6BCE95216} - c:\Program Files\Encentuate\WebSSOAgent.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32maing.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [AAAgent] "c:\Program Files\Encentuate\AATray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\PROGRA~1\AT&TNE~2\NetSP.exe" -show
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: H.lnk = C:\WINDOWS\system32\subst.exe
O4 - Startup: TODO.txt.lnk = C:\Documents and Settings\Administrator\Desktop\TODO.txt
O4 - Global Startup: InfoPrint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,intern.dmdata.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com,intern.dmdata.dk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,intern.dmdata.dk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Apache2.2-Zend - Apache Software Foundation - C:\Program Files\Zend\Apache2\bin\httpd.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: BES Client (BESClient) - IBM Corp. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: csrcmds - IBM Corporation - C:\Program Files\IBM\Personal Communications\csrcmds.exe
O23 - Service: IBM Command Line Trace (cstrcser) - IBM Corporation - C:\WINDOWS\system32\drivers\cstrcser.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv6.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Diagnostics - IBM Corp - c:\notes\nsd.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files\AT&T Network Client\NetClientSvc.exe
O23 - Service: ObsService - IBM Corporation - c:\Program Files\Encentuate\ObsService.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SOCIAccess - IBM Corporation - c:\Program Files\Encentuate\SOCIAccess.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: Zend Java Bridge (ZendJavaBridge) - Zend Technologies Ltd. - C:\Program Files\Zend\ZendServer\bin\JavaServer.exe

--
End of file - 16830 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PMTask.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gf75zumt.default

prefs.js - "browser.startup.homepage" - "http://w3.ibm.com/"
prefs.js - "extensions.enabledItems" - "IBM-cck@firefox-extensions.ibm.com:2.0.8, {0E33DD4F-A358-4b33-922F-A34A5DA07024}:1.0, {2CF6AC3D-EDE7-4f33-92A4-50E0B1EB4E0E}:1.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, bpaddtonab@firefox-extensions.ibm.com:1.1.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{2CF6AC3D-EDE7-4f33-92A4-50E0B1EB4E0E}"=c:\Program Files\Encentuate\Firefox_xpcom
"{0E33DD4F-A358-4b33-922F-A34A5DA07024}"=c:\Program Files\Encentuate\Firefox_ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@IBM.com/Java,version=1.6.0]
"Description"=IBM® Next Generation Java™ Plug-In
"Path"=C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@IBM.com/WDPlugin,version=1]
"Description"=Generic NS Plugin
"Path"=C:\Program Files\Mozilla Firefox\plugins

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
bpaddtonab@firefox-extensions.ibm.com
IBM-cck@firefox-extensions.ibm.com
ietab@ip.cn
{0E33DD4F-A358-4b33-922F-A34A5DA07024}
{2CF6AC3D-EDE7-4f33-92A4-50E0B1EB4E0E}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
chrome.manifest
FirefoxEnXpCom.dll
IFirefoxEnXpCom.xpt
install.rdf
nsIWDPlugin821.xpt
XpComJScriptImpl.js

C:\Program Files\Mozilla Firefox\plugins\
npcpsweb.dll
npdeployJava1.dll
nppdf32.dll
npwdplugin821.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gf75zumt.default\extensions\
bpaddtonab@firefox-extensions.ibm.com
IBM-cck@firefox-extensions.ibm.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089D765F-DF2D-42EA-8013-E9F6BCE95216}]
CEnBrowserListener Object - c:\Program Files\Encentuate\WebSSOAgent.dll [2010-12-20 1793216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-30 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"stgclean"=c:\sdwork\w32maing.exe [2011-07-28 288256]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe [2006-09-27 125168]
"Tpam.exe"=C:\Program Files\IBM\Personal Communications\tpam.exe [2007-11-02 28672]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-22 820520]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
"MyHelpService"=C:\Program Files\IBM\My Help\workspace\service\delayStart.exe [2008-03-19 94208]
"pmonmh"=C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe [2008-03-19 184371]
"ISSI Service"=c:\sdwork\issimsvc.exe [2011-07-28 184048]
"ipmcmu"=c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe [2009-02-23 204800]
"C4EBReg"=C:\Program Files\C4ebreg\c4ebreg.exe [2011-02-21 490776]
"Isamtray"=C:\Program Files\C4ebreg\isamtray.exe [2011-02-21 294168]
"SKDaemon.exe"=C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [2007-02-09 262144]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2007-03-05 20531]
"AAAgent"=c:\Program Files\Encentuate\AATray.exe [2010-12-20 2267840]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"=C:\PROGRA~1\AT&TNE~2\NetSP.exe [2009-10-07 87392]
"Meebo Notifier"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Meebo\Meebo Notifier\MeeboNotifier.exe [2010-07-15 818888]
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2011-06-30 1363984]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InfoPrint Select Notification.lnk - C:\Program Files\IBM\Infoprint Select\ipnotify.exe
PGPtray.exe.lnk - C:\WINDOWS\Installer\{8E87C7E9-A77B-4FD0-B81B-4258FE08090B}\Icon6560581611.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
H.lnk - C:\WINDOWS\system32\subst.exe
TODO.txt.lnk - C:\Documents and Settings\Administrator\Desktop\TODO.txt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pcsinst]
C:\WINDOWS\system32\pcsinst.dll [2007-11-02 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDevMgrUpdate"=1
"Btn_Home"=0
"Btn_Fullscreen"=0
"Btn_Tools"=0
"Btn_Print"=0
"Btn_Edit"=0
"Btn_Cut"=0
"Btn_Copy"=0
"Btn_Paste"=0
"Btn_Encoding"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=323
"NoMSAppLogo5ChannelNotify"=0
"NoBandCustomize"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe"="C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe:*:Enabled:BES Client"
"C:\Documents and Settings\Administrator\My Documents\Downloads\Flash-Player.exe"="C:\Documents and Settings\Administrator\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Administrator\My Documents\Downloads\Flash-Player.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-08-19 16:43:04 ----A---- C:\ComboFix.txt
2011-08-19 16:26:14 ----A---- C:\WINDOWS\zip.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\SWSC.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\SWREG.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\sed.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\PEV.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\NIRCMD.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\MBR.exe
2011-08-19 16:26:14 ----A---- C:\WINDOWS\grep.exe
2011-08-19 16:25:57 ----D---- C:\WINDOWS\ERDNT
2011-08-19 16:24:08 ----D---- C:\Qoobox
2011-08-19 16:09:06 ----D---- C:\Program Files\trend micro
2011-08-19 16:09:05 ----D---- C:\rsit
2011-08-15 08:22:29 ----D---- C:\Program Files\T-Mobile
2011-08-03 09:25:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Download Manager
2011-07-26 10:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-07-26 10:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-07-26 09:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-07-26 09:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-07-26 09:50:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-07-26 09:48:22 ----D---- C:\WINDOWS\ie8updates
2011-07-26 09:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-07-26 08:43:12 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-07-26 08:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-07-26 08:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-07-26 08:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-07-25 15:12:39 ----HD---- C:\WINDOWS\msdownld.tmp
2011-07-25 15:12:27 ----D---- C:\WINDOWS\WBEM
2011-07-25 15:12:03 ----HDC---- C:\WINDOWS\ie8
2011-07-22 10:00:54 ----A---- C:\WINDOWS\system32\selpms.dll
2011-07-22 10:00:54 ----A---- C:\WINDOWS\system32\selpmcui.dll

======List of files/folders modified in the last 1 month======

2011-08-19 16:45:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-08-19 16:43:06 ----D---- C:\WINDOWS\Temp
2011-08-19 16:42:22 ----A---- C:\Log.txt
2011-08-19 16:39:03 ----D---- C:\WINDOWS\security
2011-08-19 16:38:37 ----D---- C:\WINDOWS
2011-08-19 16:38:37 ----A---- C:\WINDOWS\system.ini
2011-08-19 16:38:18 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-19 16:38:17 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-19 16:37:47 ----D---- C:\sdwork
2011-08-19 16:37:46 ----D---- C:\Program Files\C4ebreg
2011-08-19 16:37:01 ----D---- C:\WINDOWS\system32\drivers
2011-08-19 16:35:33 ----D---- C:\WINDOWS\system32\config
2011-08-19 16:34:44 ----D---- C:\WINDOWS\system32
2011-08-19 16:31:49 ----D---- C:\WINDOWS\AppPatch
2011-08-19 16:31:48 ----D---- C:\Program Files\Common Files
2011-08-19 16:26:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-19 16:18:57 ----A---- C:\boot.ini
2011-08-19 16:09:06 ----RD---- C:\Program Files
2011-08-19 15:37:41 ----A---- C:\Zend Optimizer+_errors.txt
2011-08-19 15:37:13 ----D---- C:\WINDOWS\Prefetch
2011-08-19 15:34:38 ----A---- C:\WINDOWS\ntbtlog.txt
2011-08-19 12:40:32 ----D---- C:\Program Files\WST
2011-08-19 09:48:28 ----D---- C:\swd
2011-08-19 09:48:17 ----D---- C:\H_Koudy
2011-08-16 14:42:07 ----A---- C:\WINDOWS\ModemLog_ThinkPad Modem Adapter.txt
2011-08-16 14:40:05 ----D---- C:\WINDOWS\Help
2011-08-12 12:15:19 ----D---- C:\Documents and Settings\Administrator\Application Data\FileZilla
2011-08-11 15:17:09 ----D---- C:\temp
2011-08-05 10:07:31 ----RD---- C:\BCDR_tool
2011-08-01 08:19:26 ----SHD---- C:\WINDOWS\Installer
2011-07-26 15:20:23 ----HD---- C:\WINDOWS\inf
2011-07-26 12:22:20 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-26 12:22:17 ----RSD---- C:\WINDOWS\assembly
2011-07-26 11:35:39 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-26 11:30:43 ----A---- C:\WINDOWS\imsins.BAK
2011-07-26 10:15:29 ----D---- C:\Config.Msi
2011-07-26 10:03:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-26 10:02:41 ----D---- C:\Program Files\Internet Explorer
2011-07-26 09:59:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-26 09:58:43 ----D---- C:\WINDOWS\WinSxS
2011-07-26 09:51:26 ----A---- C:\WINDOWS\iis6.BAK
2011-07-26 09:14:28 ----A---- C:\WINDOWS\win.ini
2011-07-26 08:42:16 ----D---- C:\Program Files\Movie Maker
2011-07-25 15:12:27 ----D---- C:\WINDOWS\system32\en-us
2011-07-25 15:12:23 ----D---- C:\WINDOWS\Media
2011-07-22 10:13:48 ----D---- C:\Program Files\Google
2011-07-22 10:13:31 ----SD---- C:\WINDOWS\Tasks
2011-07-22 10:01:20 ----D---- C:\Program Files\InstallShield Installation Information
2011-07-20 15:14:06 ----D---- C:\Utilities
2011-07-20 15:14:05 ----D---- C:\Documents and Settings\Administrator\Application Data\IBM
2011-07-20 15:12:51 ----D---- C:\Program Files\IBM
2011-07-20 10:31:18 ----D---- C:\Documents and Settings\Administrator\Application Data\WDPlugin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
R0 iastor;Intel AHCI Controller; C:\WINDOWS\System32\Drivers\iaStor.sys [2008-07-22 319000]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PGPwded;PGPwded Storage Filter Service; C:\WINDOWS\system32\drivers\PGPwded.sys [2010-03-02 266360]
R0 Pgpwdefs;Pgpwdefs; C:\WINDOWS\system32\DRIVERS\Pgpwdefs.sys [2010-03-02 13432]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-09-17 36528]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-01 691696]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-08-15 11520]
R1 Askernel;Askernel; \??\C:\Program Files\Aventail\Connect\asntkrnl.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-13 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-07-29 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2009-10-07 19328]
R2 AppnApi;AppnApi; C:\WINDOWS\System32\drivers\appnapi.sys [2007-11-02 120256]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 Ethpdrv;Ethernet Packet Driver; C:\WINDOWS\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver; C:\WINDOWS\system32\DRIVERS\llc2.sys [2007-11-02 101696]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-04-10 12672]
R2 NsTrcNT;NsTrcNT; C:\WINDOWS\System32\drivers\nstrcnt.sys [2007-11-02 12028]
R2 pdlnctdl;Twinax CUT Adapter; C:\WINDOWS\System32\drivers\pdlnctdl.sys [2007-11-02 12288]
R2 pdlndldl;IBM Enterprise Extender (HPR/IPv4); C:\WINDOWS\System32\drivers\pdlndldl.sys [2007-11-02 64512]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6); C:\WINDOWS\System32\drivers\pdlndldl6.sys [2007-11-02 70656]
R2 PGPdisk;PGPdisk; C:\WINDOWS\system32\drivers\PGPdisk.sys [2010-03-02 243832]
R2 PGPsdkDriver;PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [2010-03-02 40568]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-04-18 11904]
R3 agnfilt;AGN Filter Interface; C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2009-10-07 219776]
R3 Anydlc;Anydlc; C:\WINDOWS\System32\drivers\anydlc.sys [2007-11-02 38280]
R3 Appn;Appn; C:\WINDOWS\System32\drivers\appn.sys [2007-11-02 1315392]
R3 AppnBase;AppnBase; C:\WINDOWS\System32\drivers\AppnBase.sys [2007-11-02 208896]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 Astdi;Astdi; \??\C:\Program Files\Aventail\Connect\asnttdi.sys []
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-05 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-20 991656]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-05-22 754176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-06-13 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-04-10 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-04-10 210560]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-03-31 23720]
R3 KLOGNT;KLOGNT; C:\WINDOWS\System32\drivers\klognt.sys [2007-11-02 24588]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110818.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110818.003\navex15.sys []
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pdlnacom;PDLC Adapter -- COM; C:\WINDOWS\System32\drivers\pdlnacom.sys [2007-11-02 75200]
R3 pdlnafac;PDLC Adapter Factory; C:\WINDOWS\System32\drivers\pdlnafac.sys [2007-11-02 36048]
R3 pdlnatcm;Twinax Adapter Common; C:\WINDOWS\System32\drivers\pdlnatcm.sys [2007-11-02 20480]
R3 pdlnatdl;Twinax Adapter; C:\WINDOWS\System32\drivers\pdlnatdl.sys [2007-11-02 18432]
R3 pdlncbas;PDLC CxM Classes; C:\WINDOWS\System32\drivers\pdlncbas.sys [2007-11-02 6784]
R3 pdlncfwk;PDLC Connection Manager; C:\WINDOWS\System32\drivers\pdlncfwk.sys [2007-11-02 160288]
R3 pdlndint;PDLC DLC Classes; C:\WINDOWS\System32\drivers\pdlndint.sys [2007-11-02 12800]
R3 pdlndlpb;PDLC LAPB; C:\WINDOWS\System32\drivers\pdlndlpb.sys [2007-11-02 70144]
R3 pdlndoem;PDLC OEM Interface; C:\WINDOWS\System32\drivers\pdlndoem.sys [2007-11-02 18944]
R3 pdlndqll;PDLC QLLC; C:\WINDOWS\System32\drivers\pdlndqll.sys [2007-11-02 53248]
R3 pdlndsdl;PDLC SDLC; C:\WINDOWS\System32\drivers\pdlndsdl.sys [2007-11-02 67072]
R3 pdlndtdl;Twinax DLC; C:\WINDOWS\System32\drivers\pdlndtdl.sys [2007-11-02 51712]
R3 pdlnebas;PDLC Environment; C:\WINDOWS\System32\drivers\pdlnebas.sys [2007-11-02 8608]
R3 pdlnecfg;PDLC Configuration; C:\WINDOWS\System32\drivers\pdlnecfg.sys [2007-11-02 50336]
R3 pdlnemap;PDLC Mapper; C:\WINDOWS\System32\drivers\pdlnemap.sys [2007-11-02 67184]
R3 pdlnemsg;PDLC Message Driver; C:\WINDOWS\System32\drivers\pdlnemsg.sys [2007-11-02 12768]
R3 pdlnepkt;PDLC Buffer Manager; C:\WINDOWS\System32\drivers\pdlnepkt.sys [2007-11-02 19984]
R3 pdlnshay;PDLC Hayes At signalling; C:\WINDOWS\System32\drivers\pdlnshay.sys [2007-11-02 59504]
R3 pdlnslea;PDLC SDLC Leased; C:\WINDOWS\System32\drivers\pdlnslea.sys [2007-11-02 22384]
R3 pdlnsv25;PDLC V25bis signalling; C:\WINDOWS\System32\drivers\pdlnsv25.sys [2007-11-02 54416]
R3 pdlnsx25;PDLC X.25; C:\WINDOWS\System32\drivers\pdlnsx25.sys [2007-11-02 58432]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20110818.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-11-22 181168]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2005-11-30 474184]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-04-10 731264]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ascrypto;Ascrypto; \??\C:\Program Files\Aventail\Connect\ascrypto.sys []
S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2009-10-07 11392]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-06 114688]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-25 156816]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-05 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-20 47272]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-03-08 88960]
S3 IpwP;IPWireless 3G Network Adapter; C:\WINDOWS\system32\DRIVERS\ipw3gnet.sys [2008-10-10 51040]
S3 IsamFilter;IsamFilter; C:\WINDOWS\system32\DRIVERS\isamfilter.sys [2010-02-24 6400]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
S3 rockusb27;Driver for Emgeton Cult M9; C:\WINDOWS\system32\DRIVERS\rockusb27.sys [2010-06-25 44400]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-08-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-08-15 212992]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
R2 Apache2.2-Zend;Apache2.2-Zend; C:\Program Files\Zend\Apache2\bin\httpd.exe [2011-03-09 26496]
R2 As32Svc;Aventail Connect; C:\Program Files\Aventail\Connect\as32svc.exe [2006-08-03 77824]
R2 BESClient;BES Client; C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe [2011-02-03 2982624]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-08-18 346720]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-07-19 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-03-31 36640]
R2 ISAMSvc;IBM Standard Asset Manager Service; C:\Program Files\C4ebreg\c4ebreg.exe [2011-02-21 490776]
R2 ISSIMon;ISSI; c:\sdwork\issimsvc.exe [2011-07-28 184048]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-09-27 87728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 ldlcserv;IBM Enterprise Extender (IPv4); C:\WINDOWS\system32\Drivers\ldlcserv.exe [2007-11-02 28672]
R2 ldlcserv6;IBM Enterprise Extender (IPv6); C:\WINDOWS\system32\Drivers\ldlcserv6.exe [2007-11-02 40960]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics; c:\notes\nsd.exe [2010-09-30 3399680]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; c:\notes\ntmulti.exe [2009-09-29 58760]
R2 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe [2009-10-07 619872]
R2 NetClientSvc;AT&T Global Network Client Service; C:\Program Files\AT&T Network Client\NetClientSvc.exe [2009-10-07 263520]
R2 ObsService;ObsService; c:\Program Files\Encentuate\ObsService.exe [2010-12-20 152256]
R2 PGPserv;PGPserv; C:\WINDOWS\system32\PGPserv.exe [2010-03-02 135288]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-29 94208]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-07-10 901120]
R2 SavRoam;SAVRoam; c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
R2 SOCIAccess;SOCIAccess; c:\Program Files\Encentuate\SOCIAccess.exe [2010-12-20 1000128]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-09-27 173744]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TrcBoot;IBM Trace Facility; C:\WINDOWS\system32\Drivers\trcboot.exe [2007-11-02 32768]
R2 ZendJavaBridge;Zend Java Bridge; C:\Program Files\Zend\ZendServer\bin\JavaServer.exe [2011-03-09 22800]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
S2 ISAMsmt;ISAM SMT Service; C:\Program Files\C4ebreg\isamsmt.exe []
S2 MyHelp;My Help; C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe []
S3 AppnNode;AppnNode; C:\WINDOWS\system32\Drivers\appnnode.exe [2007-11-02 32768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 csrcmds;csrcmds; C:\Program Files\IBM\Personal Communications\csrcmds.exe [2007-11-02 49152]
S3 cstrcser;IBM Command Line Trace; C:\WINDOWS\system32\drivers\cstrcser.exe [2007-11-02 36864]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2007-03-05 65585]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Facebook Virus

#2 Post by Roli »

Hello, fix these in HJT:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TODO.txt.lnk = C:\Documents and Settings\Administrator\Desktop\TODO.txt


You will find HJT here:

C:\Program Files\trend micro\Koudy.exe

Fix means that you run HJT,

in the window that opens, click Do a system scan only,

in the next window find the lines I listed for you,

next to them there is a checkbox, which you tick,

then click Fix checked, which is at the bottom left,

the program asks whether you really want to, YES, you agree of course and it's done.


Via Start >> Run >> type - services.msc >> OK. Find the service:

Google Update Service (gupdate)

Google Update Service (gupdatem)


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup and restore the system


I would also like to see the ComboFix log that you have at C:\ComboFix.txt.

pinea
Guest
Posts: 3
Registered: 19 Aug 2011 15:48

Re: Facebook Virus

#3 Post by pinea »

I played around with it a bit following a guide:
http://www.viruskasino.com/2011/07/face ... t-vir.html

So here is the log, but not the previous one. Sorry

ComboFix 11-08-19.02 - Koudy 08/20/2011 0:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1944.836 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 18:13 . 2011-08-19 19:08 133208 ----a-w- c:\windows\system32\drivers\47469072.sys
2011-08-19 18:06 . 2011-08-19 18:06 -------- d-----w- c:\program files\CCleaner
2011-08-19 18:04 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-19 18:04 . 2011-08-19 18:14 -------- d-----w- c:\windows\LastGood
2011-08-19 15:19 . 2011-08-19 15:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-08-19 14:55 . 2011-08-19 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-19 14:55 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 14:55 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 14:55 . 2011-08-19 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 14:09 . 2011-08-19 22:34 -------- d-----w- c:\program files\trend micro
2011-08-19 14:09 . 2011-08-19 14:09 -------- d-----w- C:\rsit
2011-08-15 06:22 . 2011-08-15 06:22 -------- d-----w- c:\program files\T-Mobile
2011-08-03 07:25 . 2011-08-06 08:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
2011-07-26 08:02 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-07-26 08:02 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-07-26 08:02 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-07-26 08:02 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-07-26 08:02 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-07-26 08:02 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-07-26 08:00 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-07-26 07:55 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2011-07-26 07:53 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2011-07-26 07:46 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2011-07-26 07:46 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2011-07-26 06:43 . 2008-04-14 04:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-25 13:18 . 2011-07-25 13:18 -------- d-s---w- c:\documents and settings\Administrator\PrivacIE
2011-07-25 13:16 . 2011-07-25 13:16 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-07-25 13:16 . 2011-07-25 13:16 -------- d-s---w- c:\documents and settings\LocalService\IETldCache
2011-07-25 13:12 . 2011-07-25 13:12 -------- dc----w- c:\windows\ie8
2011-07-22 08:00 . 2010-03-15 20:58 208896 ----a-w- c:\windows\system32\selpms.dll
2011-07-22 08:00 . 2010-03-15 20:57 86016 ----a-w- c:\windows\system32\selpmcui.dll
2011-07-22 07:59 . 2010-08-02 12:01 122880 ----a-w- c:\program files\Mozilla Firefox\plugins\npcpsweb.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 08:13 . 2011-05-19 14:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 06:23 . 2011-05-09 06:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-12-20 13:32 . 2011-01-21 11:34 460800 ----a-w- c:\program files\mozilla firefox\components\FirefoxEnXpCom.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-03-02 16:40 613496 ----a-w- c:\windows\system32\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\progra~1\AT&TNE~2\NetSP.exe" [2009-10-07 87392]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2011-06-30 1363984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stgclean"="c:\sdwork\w32maing.exe" [2011-07-28 288256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 125168]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-22 820520]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"MyHelpService"="c:\program files\IBM\My Help\workspace\service\delayStart.exe" [2008-03-19 94208]
"pmonmh"="c:\program files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe" [2008-03-19 184371]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2011-07-28 184048]
"ipmcmu"="c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe" [2009-02-23 204800]
"C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2011-02-21 490776]
"Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2011-02-21 294168]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2007-02-09 262144]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-05 20531]
"AAAgent"="c:\program files\Encentuate\AATray.exe" [2010-12-20 2267840]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
H.lnk - c:\windows\system32\subst.exe [2004-8-4 9216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InfoPrint Select Notification.lnk - c:\program files\IBM\Infoprint Select\ipnotify.exe [2008-11-14 278528]
PGPtray.exe.lnk - c:\windows\Installer\{8E87C7E9-A77B-4FD0-B81B-4258FE08090B}\Icon6560581611.exe [2011-3-3 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BigFix Enterprise\\BES Client\\BESClient.exe"=
.
R0 47469072;47469072;c:\windows\system32\drivers\47469072.sys [8/19/2011 8:13 PM 133208]
R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [3/2/2010 6:40 PM 13432]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/1/2010 9:20 PM 691696]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 6:21 PM 19496]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [6/24/2011 9:17 PM 123120]
R2 Apache2.2-Zend;Apache2.2-Zend;c:\program files\Zend\Apache2\bin\httpd.exe [3/9/2011 4:03 PM 26496]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [10/25/2010 9:33 PM 16376]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [11/2/2007 6:09 AM 70656]
R3 Astdi;Astdi;c:\program files\Aventail\Connect\asnttdi.sys [2/4/2010 1:50 PM 127977]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/14/2009 8:23 PM 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/29/2011 8:16 AM 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/19/2011 4:55 PM 22712]
S3 Ascrypto;Ascrypto;c:\program files\Aventail\Connect\ascrypto.sys [2/4/2010 1:50 PM 219291]
S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [11/2/2007 6:09 AM 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [11/2/2007 6:09 AM 36864]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [3/12/2010 9:21 AM 51040]
S3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [2/4/2010 12:28 PM 6400]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/19/2011 4:55 PM 41272]
S3 rockusb27;Driver for Emgeton Cult M9;c:\windows\system32\drivers\rockusb27.sys [6/15/2011 1:17 PM 44400]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2011 10:13 AM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2011 10:13 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 1216021DRV
*NewlyCreated* - 47469072
*NewlyCreated* - GUPDATEM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2009-07-15 18:52]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 08:13]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 08:13]
.
2011-08-19 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-14 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://w3.ibm.com
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
LSP: c:\windows\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gf75zumt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://w3.ibm.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - prefs.js: network.proxy.ftp - 149.6.118.94
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 149.6.118.94
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 149.6.118.94
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 149.6.118.94
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 149.6.118.94
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 00:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ipmcmu = c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\program files\IBM\IPM Client Migration Utility"?run key ipmcmu was set successfully?run key ipmcmu was not set successfully?Error, Windows run key not found?The service "Task Scheduler" is not ru
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_ rev.0084 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF7A3E864
user & kernel MBR OK
copy of MBR has been found in sector 6 !
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-423980714-3712553699-3720434300-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,09,19,8c,a7,b6,63,48,b3,c1,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,09,19,8c,a7,b6,63,48,b3,c1,2f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\pcsinst.dll
c:\windows\system32\igfxdev.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\Hummingbird\Connectivity\8.00\Socks\hclsock5.dll
.
- - - - - - - > 'explorer.exe'(4340)
c:\windows\system32\WININET.dll
c:\windows\system32\PGPhk.dll
c:\windows\system32\PGPfsshl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-08-20 00:55:08
ComboFix-quarantined-files.txt 2011-08-19 22:55
ComboFix2.txt 2011-08-19 14:43
.
Pre-Run: 78,363,058,176 bytes free
Post-Run: 78,339,149,824 bytes free
.
- - End Of File - - 28AEC91044AC7D18F831472BDEE47FC7

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Facebook Virus

#4 Post by Roli »

pinea wrote: I played around with it a bit following a guide:
http://www.viruskasino.com/2011/07/face ... t-vir.html
In that case there is nothing left for me to deal with, just

via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then let me know how the PC is doing.
| Rsit | Mbam | AVPTool | Cure It |

I rest at the weekend :all_coholic:

pinea
Visitor
Posts: 3
Registered: 19 Aug 2011 15:48

Re: Facebook Virus

#5 Post by pinea »

Thanks for the help. The notebook is in good shape. I'll also try booting into safe mode.
I was in a bit of a hurry with it, because it's a work notebook and I didn't want to let it onto the intranet with a virus.

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Facebook Virus

#6 Post by Roli »

You're welcome.
| Rsit | Mbam | AVPTool | Cure It |

I rest at the weekend :all_coholic:
