PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please help, virus Rootkit.Agent.NUS Trojan horse

Having a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
JaRon
Moderator
Posts: 15712
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#76 Post by JaRon »

OK - then also use the ASK Toolbar remover
http://www.softpedia.com/progDownload/A ... 60388.html

and restart - post a current RSIT and describe the PC's current problems (because the thread is long)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#77 Post by chris.h »

So, at the beginning I was dealing here with a rootkit problem, but later another problem appeared... my internet connection stopped working and the firewall didn't work either... we only managed to get the internet working via otlpe net, and only directly over cable, not over wifi, which is how I normally connect to the home network...

and now it also takes quite a long time before the folders in My Computer appear...

RSIT:


Logfile of random's system information tool 1.09 (written by random/random)
Run by OEM at 2011-11-24 10:28:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (13%) free of 148 GB
Total RAM: 1014 MB (45% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Připomenutí registrace 1.job
C:\WINDOWS\tasks\Připomenutí registrace 2.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872, smartwebprinting@hp.com:4.5, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... ^YY^CZ&&q="

"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default\extensions\
toolbar@ask.com

C:\Documents and Settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-09-28 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-09-28 520192]
{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - Family Toolbar - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-09 58416]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-03-05 172032]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-02-26 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-02-26 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-02-26 131072]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-02-08 536576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"ISUSPM Startup"=C:\Program Files\Common Files\Installshield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-03-22 120368]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-08 3076144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"Advanced SystemCare 4"=C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe [2011-08-09 417112]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-02-27 278016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2009-01-14 113680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
C:\Program Files\PDF24\pdf24.exe [2011-04-28 220552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\Digital Imaging\bin\hpqtra08.exe [2009-05-21 275768]

C:\Documents and Settings\OEM\Nabídka Start\Programy\Po spuštění
AccuWeather.lnk - C:\Documents and Settings\OEM\Dokumenty\AccuWeather.com Stratus\AccuWeather.com Stratus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-02-26 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-03-14 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GrooveShellExtensions.dll [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe"="C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe:*:Disabled:Adobe AIR Installer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe"="C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe:*:Enabled:Advanced SystemCare 4"
"C:\Program Files\IObit\Advanced SystemCare 4\AutoUpdate.exe"="C:\Program Files\IObit\Advanced SystemCare 4\AutoUpdate.exe:*:Enabled:Advanced SystemCare Updater"
"C:\Documents and Settings\OEM\Dokumenty\AccuWeather.com Stratus\AccuWeather.com Stratus.exe"="C:\Documents and Settings\OEM\Dokumenty\AccuWeather.com Stratus\AccuWeather.com Stratus.exe:*:Enabled:AccuWeather.com Stratus"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Documents and Settings\All Users\Data aplikací\MFAData\SelfUpd\avgmfapx.exe"="C:\Documents and Settings\All Users\Data aplikací\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application"
"C:\Documents and Settings\OEM\Dokumenty\Stažené soubory\RSIT.exe"="C:\Documents and Settings\OEM\Dokumenty\Stažené soubory\RSIT.exe:*:Enabled:RSIT"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Ask.com\Updater\Updater.exe"="C:\Program Files\Ask.com\Updater\Updater.exe:*:Enabled:Ask Updater"
"C:\Program Files\AVI ReComp\AVIReComp.exe"="C:\Program Files\AVI ReComp\AVIReComp.exe:*:Enabled:The tool for re-encoding AVI clips"
"C:\Documents and Settings\OEM\Dokumenty\Stažené soubory\tdsskiller.exe"="C:\Documents and Settings\OEM\Dokumenty\Stažené soubory\tdsskiller.exe:*:Enabled:TDSS rootkit removing tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-24 09:41:32 ----SHD---- C:\RECYCLER
2011-11-24 09:34:56 ----A---- C:\WINDOWS\OEWABLog.txt
2011-11-24 09:34:25 ----D---- C:\WINDOWS\Prefetch
2011-11-24 09:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-11-24 09:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2011-11-24 09:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2011-11-24 09:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-11-24 09:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-11-24 09:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2011-11-24 09:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2011-11-24 09:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-11-24 09:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-11-24 09:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-11-24 09:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2011-11-24 09:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-11-24 09:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2011-11-24 09:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-11-24 09:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-11-24 09:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-11-24 09:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2011-11-24 08:59:26 ----A---- C:\WINDOWS\setuplog.txt
2011-11-24 08:58:16 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-11-24 08:58:16 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-11-24 08:58:15 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-11-24 08:58:15 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-11-24 08:58:10 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-11-24 08:58:10 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-11-24 08:58:10 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-11-24 08:58:10 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-11-24 08:58:10 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-11-24 08:58:10 ----N---- C:\WINDOWS\system32\aaclient.dll
2011-11-24 08:58:09 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-11-24 08:58:09 ----N---- C:\WINDOWS\system32\azroles.dll
2011-11-24 08:58:09 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-11-24 08:58:09 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-11-24 08:58:08 ----N---- C:\WINDOWS\system32\credssp.dll
2011-11-24 08:58:07 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-11-24 08:58:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-11-24 08:58:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-11-24 08:58:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-11-24 08:58:03 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2011-11-24 08:58:03 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2011-11-24 08:58:02 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2011-11-24 08:58:01 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-11-24 08:58:01 ----N---- C:\WINDOWS\system32\kbdpash.dll
2011-11-24 08:58:00 ----N---- C:\WINDOWS\system32\mmcperf.exe
2011-11-24 08:58:00 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2011-11-24 08:58:00 ----N---- C:\WINDOWS\system32\mmcex.dll
2011-11-24 08:58:00 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2011-11-24 08:58:00 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-11-24 08:57:59 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-11-24 08:57:59 ----N---- C:\WINDOWS\system32\mssha.dll
2011-11-24 08:57:58 ----N---- C:\WINDOWS\system32\onex.dll
2011-11-24 08:57:58 ----N---- C:\WINDOWS\system32\napstat.exe
2011-11-24 08:57:58 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-11-24 08:57:58 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-11-24 08:57:58 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\qutil.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\qagent.dll
2011-11-24 08:57:57 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2011-11-24 08:57:56 ----N---- C:\WINDOWS\system32\slserv.exe
2011-11-24 08:57:56 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-11-24 08:57:56 ----N---- C:\WINDOWS\system32\slgen.dll
2011-11-24 08:57:56 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-11-24 08:57:56 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-11-24 08:57:56 ----N---- C:\WINDOWS\system32\setupn.exe
2011-11-24 08:57:55 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-11-24 08:57:55 ----N---- C:\WINDOWS\system32\tsgqec.dll
2011-11-24 08:57:53 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2011-11-24 08:57:53 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2011-11-24 08:57:52 ----N---- C:\WINDOWS\system32\wmphoto.dll
2011-11-24 08:57:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2011-11-24 08:57:49 ----N---- C:\WINDOWS\slrundll.exe
2011-11-24 08:57:47 ----D---- C:\WINDOWS\l2schemas
2011-11-24 08:57:46 ----D---- C:\WINDOWS\system32\cs
2011-11-24 08:57:46 ----D---- C:\WINDOWS\system32\bits
2011-11-24 08:53:03 ----D---- C:\WINDOWS\ServicePackFiles
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-11-24 08:48:32 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-11-24 08:48:32 ----D---- C:\WINDOWS\network diagnostic
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-11-24 08:48:30 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-11-24 08:48:29 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-11-24 08:48:29 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-11-24 08:48:29 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-11-24 08:48:29 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-11-24 08:48:29 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-11-24 08:48:29 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-11-24 08:48:28 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-11-24 08:48:28 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-11-24 08:48:28 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-11-24 08:48:28 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-11-24 08:48:28 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-11-24 08:48:28 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-11-24 08:48:27 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-11-24 08:48:27 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-11-24 08:48:27 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-11-24 08:48:27 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-11-24 08:48:27 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-11-24 08:48:27 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-11-24 08:48:26 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-11-24 08:48:26 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-11-24 08:48:25 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-11-24 08:48:25 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-11-24 08:48:23 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-11-24 08:48:23 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-11-24 08:48:23 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-11-24 08:48:23 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-11-24 08:48:22 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-11-24 08:48:22 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-11-24 08:48:22 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-11-24 08:48:21 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-11-24 08:48:21 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-11-24 08:48:21 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-11-24 08:48:21 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-11-24 08:48:21 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-11-24 08:48:19 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-11-24 08:48:19 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-11-24 08:48:19 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-11-24 08:48:18 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-11-24 08:48:18 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-11-24 08:48:18 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-11-24 08:48:18 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-11-24 08:48:17 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-11-24 08:48:17 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2011-11-24 08:48:17 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-11-24 08:48:16 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-11-24 08:48:16 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-11-24 08:48:16 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-11-24 08:48:16 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-11-24 08:48:16 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-11-24 08:48:16 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-11-24 08:48:14 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-11-24 08:45:26 ----A---- C:\WINDOWS\002734_.tmp
2011-11-24 08:39:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-11-23 22:58:57 ----D---- C:\Documents and Settings\OEM\Data aplikací\Malwarebytes
2011-11-23 22:58:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-23 22:58:44 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-23 22:58:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-23 13:13:38 ----A---- C:\ComboFix.txt
2011-11-23 13:05:29 ----A---- C:\OTL.Txt
2011-11-23 11:26:39 ----A---- C:\MyNICDetails.txt
2011-11-23 06:30:23 ----D---- C:\vzorky
2011-11-21 00:49:57 ----A---- C:\WINDOWS\system32\msiexec.exe
2011-11-21 00:49:32 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2011-11-20 19:38:41 ----A---- C:\WINDOWS\zip.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\SWSC.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\SWREG.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\sed.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\PEV.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\NIRCMD.exe
2011-11-20 19:38:41 ----A---- C:\WINDOWS\grep.exe
2011-11-20 11:31:31 ----A---- C:\WINDOWS\system32\drivers\BlackBox.sys
2011-11-20 11:21:23 ----D---- C:\WINDOWS\temp
2011-11-19 14:37:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-11-18 23:48:42 ----A---- C:\Boot.bak
2011-11-18 23:48:37 ----RASHD---- C:\cmdcons
2011-11-18 23:45:28 ----A---- C:\WINDOWS\MBR.exe
2011-11-18 23:38:47 ----D---- C:\WINDOWS\ERDNT
2011-11-18 22:36:40 ----D---- C:\Qoobox
2011-11-18 20:29:29 ----A---- C:\TDSSKiller.2.6.19.0_18.11.2011_20.29.29_log.txt
2011-11-18 12:22:57 ----A---- C:\WINDOWS\system32\drivers\10418741.sys
2011-11-17 21:38:01 ----A---- C:\WINDOWS\system32\drivers\44042542.sys
2011-11-17 17:38:58 ----D---- C:\Program Files\trend micro
2011-11-17 17:38:57 ----D---- C:\rsit
2011-11-17 15:59:01 ----D---- C:\Documents and Settings\OEM\Data aplikací\AVI ReComp
2011-11-17 15:58:41 ----D---- C:\Program Files\Gabest
2011-11-17 15:58:30 ----D---- C:\Program Files\Xvid
2011-11-17 15:57:49 ----D---- C:\Program Files\AviSynth 2.5
2011-11-17 15:54:44 ----D---- C:\Program Files\AVI ReComp
2011-11-17 12:48:20 ----D---- C:\Program Files\ESET
2011-11-17 10:09:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-11-08 09:54:37 ----D---- C:\Program Files\WAS
2011-10-30 19:14:12 ----D---- C:\Documents and Settings\OEM\Data aplikací\Search Settings
2011-10-30 19:13:53 ----D---- C:\Program Files\Application Updater
2011-10-30 19:13:52 ----D---- C:\Program Files\IObit Toolbar

======List of files/folders modified in the last 1 month======

2011-11-24 10:24:23 ----A---- C:\TPHKLOCK.TXT
2011-11-24 10:22:50 ----D---- C:\WINDOWS
2011-11-24 10:19:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-24 10:19:10 ----AD---- C:\WINDOWS\system32
2011-11-24 10:19:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-24 09:37:28 ----HD---- C:\WINDOWS\inf
2011-11-24 09:37:05 ----D---- C:\WINDOWS\Debug
2011-11-24 09:36:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-24 09:33:49 ----D---- C:\WINDOWS\system32\Setup
2011-11-24 09:33:48 ----D---- C:\WINDOWS\system32\wbem
2011-11-24 09:33:48 ----D---- C:\WINDOWS\AppPatch
2011-11-24 09:33:46 ----RSD---- C:\WINDOWS\Fonts
2011-11-24 09:33:39 ----D---- C:\WINDOWS\system32\drivers
2011-11-24 09:30:54 ----D---- C:\WINDOWS\system32\CatRoot
2011-11-24 09:30:53 ----ASHD---- C:\WINDOWS\system32\dllcache
2011-11-24 09:05:39 ----D---- C:\Program Files\Messenger
2011-11-24 09:02:05 ----D---- C:\WINDOWS\security
2011-11-24 08:58:34 ----D---- C:\WINDOWS\WinSxS
2011-11-24 08:58:18 ----D---- C:\WINDOWS\ehome
2011-11-24 08:58:15 ----D---- C:\WINDOWS\system32\inetsrv
2011-11-24 08:58:14 ----D---- C:\WINDOWS\Help
2011-11-24 08:58:13 ----D---- C:\WINDOWS\ime
2011-11-24 08:57:49 ----D---- C:\WINDOWS\system32\usmt
2011-11-24 08:57:49 ----D---- C:\WINDOWS\system32\cs-cz
2011-11-24 08:57:46 ----SHD---- C:\WINDOWS\Installer
2011-11-24 08:57:45 ----D---- C:\WINDOWS\PeerNet
2011-11-24 08:57:45 ----D---- C:\Program Files\Movie Maker
2011-11-24 08:52:33 ----D---- C:\WINDOWS\system32\Restore
2011-11-24 08:52:33 ----D---- C:\WINDOWS\system32\npp
2011-11-24 08:52:31 ----D---- C:\WINDOWS\msagent
2011-11-24 08:52:28 ----D---- C:\WINDOWS\srchasst
2011-11-24 08:52:27 ----D---- C:\Program Files\NetMeeting
2011-11-24 08:52:25 ----D---- C:\WINDOWS\system32\Com
2011-11-24 08:52:19 ----D---- C:\Program Files\Windows Media Player
2011-11-24 08:52:18 ----D---- C:\Program Files\Windows NT
2011-11-24 08:52:18 ----D---- C:\Program Files\Outlook Express
2011-11-24 08:52:11 ----AD---- C:\Program Files\Common Files\System
2011-11-24 08:51:44 ----AD---- C:\WINDOWS\system32\oobe
2011-11-24 08:51:40 ----D---- C:\WINDOWS\system
2011-11-24 08:22:17 ----D---- C:\WINDOWS\SHELLNEW
2011-11-23 22:58:43 ----AD---- C:\Program Files
2011-11-23 13:10:52 ----A---- C:\WINDOWS\system.ini
2011-11-23 13:08:42 ----AD---- C:\Program Files\Common Files
2011-11-23 08:49:16 ----AC---- C:\WINDOWS\NeroDigital.ini
2011-11-20 21:07:19 ----D---- C:\WINDOWS\system32\drivers\etc
2011-11-20 21:05:26 ----D---- C:\WINDOWS\system32\config
2011-11-20 17:18:56 ----D---- C:\SWSHARE
2011-11-20 13:55:03 ----AC---- C:\WINDOWS\wincmd.ini
2011-11-20 07:34:22 ----AD---- C:\Documents and Settings\OEM\Data aplikací\Media Player Classic
2011-11-19 16:22:37 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-11-19 16:01:30 ----AC---- C:\WINDOWS\wcx_ftp.ini
2011-11-19 14:38:18 ----D---- C:\Config.Msi
2011-11-19 00:10:35 ----SD---- C:\WINDOWS\Tasks
2011-11-19 00:00:01 ----DC---- C:\WINDOWS\$NtUninstallKB28038$
2011-11-18 23:48:42 ----RASH---- C:\boot.ini
2011-11-17 23:15:49 ----SHD---- C:\System Volume Information
2011-11-17 07:42:18 ----A---- C:\WINDOWS\system32\PROCDB.INI
2011-11-17 07:41:37 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2011-11-17 07:03:02 ----A---- C:\WINDOWS\system32\bscs.ini
2011-11-17 07:02:52 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2011-11-17 07:02:49 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI
2011-11-16 19:59:35 ----AD---- C:\Program Files\Common Files\Lenovo
2011-11-11 23:09:20 ----AD---- C:\Program Files\Mozilla Firefox
2011-10-30 19:13:52 ----D---- C:\Program Files\Common Files\Spigot
2011-10-26 07:03:09 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 10418741;10418741; C:\WINDOWS\system32\DRIVERS\10418741.sys [2011-11-17 133208]
R0 44042542;44042542; C:\WINDOWS\system32\DRIVERS\44042542.sys [2011-11-17 133208]
R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-11-20 36624]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-04-12 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-09 12848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-20 21425]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2007-11-20 33536]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-03-04 146432]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-03-09 152064]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2009-01-03 39304]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAudN.sys [2007-04-27 666112]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-25 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-25 210688]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-02-26 5700096]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-02-27 21040]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-03-28 2204672]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2006-09-13 28224]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-14 40848]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2007-02-08 17664]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-25 731136]
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-12-07 14088]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\OEM\LOCALS~1\Temp\catchme.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-08 974944]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe []
S2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe []
S2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe []
S2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe []
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe []
S2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe []
S2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe []
S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe []
S2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe []
S2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe []
S2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe []
S2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe []
S2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe []
S2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe []
S2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 HCYDLAH;HCYDLAH; C:\DOCUME~1\OEM\LOCALS~1\Temp\HCYDLAH.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMConnectCDS;Služba Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#78 Post by chris.h »

Good morning to you too :)

Hopefully that's everything...

http://www.uloz.to/11262872/nova-slozka-rar

CF uninstalled; with that AVG, some other page opens for me... http://www.avg.com/cz-cs/avg-pctuneup

T-cleaner deleted everything successfully...

I entered it in cmd, but only a black window flashed there... I don't know what was written in it...

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#79 Post by chris.h »

plocha.rar
(157.89 KiB) Downloaded 34 times

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#80 Post by chris.h »

No, it's not there...

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#81 Post by chris.h »

SystemLook 30.07.11 by jpshortstuff
Log created at 12:13 on 24/11/2011 by OEM
Administrator - Elevation successful

========== filefind ==========

Searching for "IPSSVC.exe"
C:\SWTOOLS\APPS\AWAYTASK\AwayTask\IPSSVC.exe ------- 108080 bytes [12:15 02/03/2007] [03:05 30/01/2007] 00D8E9DAEBE72A5DF3986FD418A995EB

Searching for "IPSSVC.*"
C:\SWTOOLS\APPS\AWAYTASK\AwayTask\IPSSVC.exe ------- 108080 bytes [12:15 02/03/2007] [03:05 30/01/2007] 00D8E9DAEBE72A5DF3986FD418A995EB

-= EOF =-

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#82 Post by chris.h »

Hopefully I'll manage to do all of it correctly :?:

The result will definitely be here by this evening... :)

Bye for now :)

JaRon
Moderator
Posts: 15712
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#83 Post by JaRon »

I just have a follow-up question:
was the router restarted :???: it is enough to switch it off for 2 minutes and then switch it back on

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#84 Post by chris.h »

So here is the report:

SystemLook 30.07.11 by jpshortstuff
Log created at 13:14 on 24/11/2011 by OEM
Administrator - Elevation successful

========== filefind ==========

Searching for "pmemnt.sys"
C:\WINDOWS\system32\drivers\pmemnt.sys ------- 7012 bytes [21:22 20/11/2007] [21:22 20/11/2007] DEDEF40E1D05842639491365CB2C069E

Searching for "smihlp.sys"
C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys ------- 11152 bytes [21:10 14/03/2007] [21:10 14/03/2007] 350483C5A139F8A39ED3191AFF39BED0

Searching for "NSDriver.sys"
No files found.

Searching for "BTNetFilter.sys"
C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys --a---- 22416 bytes [12:41 22/11/2006] [12:41 22/11/2006] 4F26303BECBB7CC5CA8FF39593124CF2
C:\WINDOWS\system32\drivers\BTNetFilter.sys --a---- 22416 bytes [12:41 22/11/2006] [12:41 22/11/2006] 4F26303BECBB7CC5CA8FF39593124CF2

Searching for "btwusb.sys"
C:\SWTOOLS\DRIVERS\TPBTooth\Win32\drivers\btwusb.sys ------- 67960 bytes [21:05 20/11/2007] [09:27 24/01/2007] 57E91E9925976BBC98984EEBAAF1D84C
C:\SWTOOLS\DRIVERS\TPBTooth\Win32\drivers9x\btwusb.sys ------- 67960 bytes [21:05 20/11/2007] [09:27 24/01/2007] 57E91E9925976BBC98984EEBAAF1D84C
C:\SWTOOLS\DRIVERS\TPBTooth\Win64\drivers\btwusb.sys ------- 64128 bytes [21:05 20/11/2007] [09:31 24/01/2007] 1334ABDA77927D2CD78D83C588FC3C18

Searching for "catchme.sys"
No files found.

Searching for "dtscsi.sys"
No files found.

Searching for "mbamswissarmy.sys"
No files found.

Searching for "sptd.sys"
No files found.

Searching for "ASCService.exe"
No files found.

Searching for "ApplicationUpdater.exe "
No files found.

Searching for "BlueSoleilCS.exe"
No files found.

Searching for "BsMobileCS.exe"
No files found.

Searching for "EvtEng.exe"
No files found.

Searching for "ibmpmsvc.exe "
C:\drivers\other\x64\ibmpmsvc.exe ------- 43568 bytes [04:50 21/11/2007] [10:09 27/02/2007] 49C31080D9140678DF42ACAAC318CDF9
C:\drivers\other\x86\ibmpmsvc.exe ------- 36400 bytes [04:50 21/11/2007] [10:09 27/02/2007] C5764B846D2AE8EA9327F910EC7648F3
C:\SWTOOLS\DRIVERS\IBMPM\x64\ibmpmsvc.exe ------- 43568 bytes [08:34 12/03/2007] [10:09 27/02/2007] 49C31080D9140678DF42ACAAC318CDF9
C:\SWTOOLS\DRIVERS\IBMPM\x86\ibmpmsvc.exe ------- 36400 bytes [08:34 12/03/2007] [10:09 27/02/2007] C5764B846D2AE8EA9327F910EC7648F3

Searching for "IPSSVC.EXE "
C:\SWTOOLS\APPS\AWAYTASK\AwayTask\IPSSVC.exe ------- 108080 bytes [12:15 02/03/2007] [03:05 30/01/2007] 00D8E9DAEBE72A5DF3986FD418A995EB

Searching for "jqs.conf "
C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf --a---- 41208 bytes [18:45 17/03/2011] [18:45 17/03/2011] 22BFEC4CDA101FEDCC4E6292ACB9A8EF

Searching for "RegSrvc.exe "
No files found.

Searching for "S24EvMon.exe "
No files found.

Searching for "suservice.exe "
No files found.

Searching for "tvt_reg_monitor_svc.exe "
No files found.

Searching for "TPHDEXLG.exe "
No files found.

Searching for "rrpservice.exe "
No files found.

Searching for "rrservice.exe "
No files found.

Searching for "tvtsched.exe"
No files found.

Searching for "IUService.exe "
No files found.

Searching for "GoogleUpdaterService.exe "
No files found.

Searching for "HCYDLAH.exe "
No files found.

Searching for "NMIndexingService.exe "
No files found.

Searching for "/////"
No files found.

Searching for "5566"
No files found.

Searching for "dalsi"
No files found.

Searching for "konec"
No files found.

-= EOF =-

bat.rar
(178.01 KiB) Downloaded 21 times
And it didn't find exactly those two...

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#85 Post by chris.h »

I restarted, but it didn't help...

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#86 Post by chris.h »

So that IObit can't be uninstalled... it seems to me that nothing can be uninstalled there... it again throws the message that the installer service is not accessible...

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#87 Post by chris.h »

Before that I also ran CF, and then the one with the CFScript. I'm sending both...

First


ComboFix 11-11-24.01 - OEM 24.11.2011 23:02:14.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.415 [GMT 1:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-24 do 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 07:57 . 2008-04-14 07:51 155136 ------w- c:\windows\system32\mssha.dll
2011-11-24 07:53 . 2011-11-24 07:58 -------- d-----w- c:\windows\ServicePackFiles
2011-11-24 07:45 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002734_.tmp
2011-11-23 21:58 . 2011-11-23 21:58 -------- d-----w- c:\documents and settings\OEM\Data aplikací\Malwarebytes
2011-11-23 21:58 . 2011-11-23 21:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-23 21:58 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 21:58 . 2011-11-23 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 23:49 . 2008-05-19 06:57 95744 ----a-w- c:\windows\system32\msiexec.exe
2011-11-20 23:49 . 2008-06-20 11:40 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-20 10:31 . 2011-11-20 10:31 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-11-19 13:37 . 2011-11-19 13:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-11-18 11:22 . 2011-11-17 22:57 133208 ----a-w- c:\windows\system32\drivers\10418741.sys
2011-11-17 20:38 . 2011-11-17 22:57 133208 ----a-w- c:\windows\system32\drivers\44042542.sys
2011-11-17 16:38 . 2011-11-24 09:28 -------- d-----w- c:\program files\trend micro
2011-11-17 14:59 . 2011-11-18 08:19 -------- d-----w- c:\documents and settings\OEM\Data aplikací\AVI ReComp
2011-11-17 14:58 . 2011-11-17 14:58 -------- d-----w- c:\program files\Gabest
2011-11-17 14:58 . 2011-11-17 14:58 -------- d-----w- c:\program files\Xvid
2011-11-17 14:57 . 2011-11-17 14:57 -------- d-----w- c:\program files\AviSynth 2.5
2011-11-17 14:54 . 2011-11-17 14:58 -------- d-----w- c:\program files\AVI ReComp
2011-11-17 14:45 . 2011-11-17 14:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-11-17 11:55 . 2011-11-17 11:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-11-17 11:48 . 2011-11-17 11:48 -------- d-----w- c:\program files\ESET
2011-11-17 09:09 . 2011-11-17 11:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-11-16 18:37 . 2011-11-17 12:35 -------- d-sh--w- c:\documents and settings\OEM\Local Settings\Data aplikací\632ff156
2011-11-08 08:54 . 2011-11-08 09:58 -------- d-----w- c:\program files\WAS
2011-10-30 18:14 . 2011-10-30 18:14 -------- d-----w- c:\documents and settings\OEM\Data aplikací\Search Settings
2011-10-30 18:13 . 2011-11-17 12:47 -------- d-----w- c:\program files\Application Updater
2011-10-30 18:13 . 2011-10-30 18:13 -------- d-----w- c:\program files\IObit Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 18:31 . 2011-10-24 18:31 89680 ----a-w- c:\documents and settings\OEM\MSSSerif120.fon
2011-10-24 18:31 . 2011-10-24 18:31 64544 ----a-w- c:\documents and settings\OEM\MSSSerif96.fon
2011-11-11 22:07 . 2011-04-30 04:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-12 196608]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-12 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-03-29 181808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\OEM\Nabídka Start\Programy\Po spuštění\
AccuWeather.lnk - c:\documents and settings\OEM\Dokumenty\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2011-8-18 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 21:17 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 16:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59 220552 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Resources\\Adobe AIR Updater.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\ASC.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Dokumenty\\AccuWeather.com Stratus\\AccuWeather.com Stratus.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Ask.com\\Updater\\Updater.exe"=
"c:\\Program Files\\AVI ReComp\\AVIReComp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2.3.2007 17:47 19760]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.3.2007 22:10 11152]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13.9.2006 12:42 35264]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe --> c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [?]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" --> c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [?]
S3 HCYDLAH;HCYDLAH;c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe --> c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-24 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-10 14:40]
.
2011-11-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-11-20 16:15]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2011-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.09\MediaManager\grab.html
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 212.80.66.7
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=en_EU&apn_uid=0e4ab43d-827c-4778-b5c5-ceeb7f5719f5&apn_ptnrs=^AAA&apn_sauid=A361D9EB-CC1A-4B61-B407-66CFE0F66674&apn_dtid=^YYYYYY^YY^CZ&&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Celkový čas: 2011-11-24 23:09:18
ComboFix-quarantined-files.txt 2011-11-24 22:09
.
Před spuštěním: Volných bajtů: 24 299 503 616
Po spuštění: Volných bajtů: 24 671 944 704
.
- - End Of File - - 6AE8F24EA8C10C642076D41318D339D1

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#88 Post by chris.h »

Before that I ran CF, and then also the run with the CFScript. I'm sending both...

First


ComboFix 11-11-24.01 - OEM 24.11.2011 23:02:14.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.415 [GMT 1:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-24 do 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 07:57 . 2008-04-14 07:51 155136 ------w- c:\windows\system32\mssha.dll
2011-11-24 07:53 . 2011-11-24 07:58 -------- d-----w- c:\windows\ServicePackFiles
2011-11-24 07:45 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002734_.tmp
2011-11-23 21:58 . 2011-11-23 21:58 -------- d-----w- c:\documents and settings\OEM\Data aplikací\Malwarebytes
2011-11-23 21:58 . 2011-11-23 21:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-23 21:58 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 21:58 . 2011-11-23 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 23:49 . 2008-05-19 06:57 95744 ----a-w- c:\windows\system32\msiexec.exe
2011-11-20 23:49 . 2008-06-20 11:40 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-20 10:31 . 2011-11-20 10:31 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-11-19 13:37 . 2011-11-19 13:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-11-18 11:22 . 2011-11-17 22:57 133208 ----a-w- c:\windows\system32\drivers\10418741.sys
2011-11-17 20:38 . 2011-11-17 22:57 133208 ----a-w- c:\windows\system32\drivers\44042542.sys
2011-11-17 16:38 . 2011-11-24 09:28 -------- d-----w- c:\program files\trend micro
2011-11-17 14:59 . 2011-11-18 08:19 -------- d-----w- c:\documents and settings\OEM\Data aplikací\AVI ReComp
2011-11-17 14:58 . 2011-11-17 14:58 -------- d-----w- c:\program files\Gabest
2011-11-17 14:58 . 2011-11-17 14:58 -------- d-----w- c:\program files\Xvid
2011-11-17 14:57 . 2011-11-17 14:57 -------- d-----w- c:\program files\AviSynth 2.5
2011-11-17 14:54 . 2011-11-17 14:58 -------- d-----w- c:\program files\AVI ReComp
2011-11-17 14:45 . 2011-11-17 14:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-11-17 11:55 . 2011-11-17 11:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-11-17 11:48 . 2011-11-17 11:48 -------- d-----w- c:\program files\ESET
2011-11-17 09:09 . 2011-11-17 11:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-11-16 18:37 . 2011-11-17 12:35 -------- d-sh--w- c:\documents and settings\OEM\Local Settings\Data aplikací\632ff156
2011-11-08 08:54 . 2011-11-08 09:58 -------- d-----w- c:\program files\WAS
2011-10-30 18:14 . 2011-10-30 18:14 -------- d-----w- c:\documents and settings\OEM\Data aplikací\Search Settings
2011-10-30 18:13 . 2011-11-17 12:47 -------- d-----w- c:\program files\Application Updater
2011-10-30 18:13 . 2011-10-30 18:13 -------- d-----w- c:\program files\IObit Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 18:31 . 2011-10-24 18:31 89680 ----a-w- c:\documents and settings\OEM\MSSSerif120.fon
2011-10-24 18:31 . 2011-10-24 18:31 64544 ----a-w- c:\documents and settings\OEM\MSSSerif96.fon
2011-11-11 22:07 . 2011-04-30 04:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-12 196608]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-12 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-03-29 181808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\OEM\Nabídka Start\Programy\Po spuštění\
AccuWeather.lnk - c:\documents and settings\OEM\Dokumenty\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2011-8-18 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 21:17 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 16:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59 220552 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Resources\\Adobe AIR Updater.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\ASC.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Dokumenty\\AccuWeather.com Stratus\\AccuWeather.com Stratus.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Ask.com\\Updater\\Updater.exe"=
"c:\\Program Files\\AVI ReComp\\AVIReComp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2.3.2007 17:47 19760]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.3.2007 22:10 11152]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13.9.2006 12:42 35264]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe --> c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [?]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" --> c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [?]
S3 HCYDLAH;HCYDLAH;c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe --> c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-24 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-10 14:40]
.
2011-11-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-11-20 16:15]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2011-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.09\MediaManager\grab.html
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 212.80.66.7
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=en_EU&apn_uid=0e4ab43d-827c-4778-b5c5-ceeb7f5719f5&apn_ptnrs=^AAA&apn_sauid=A361D9EB-CC1A-4B61-B407-66CFE0F66674&apn_dtid=^YYYYYY^YY^CZ&&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Celkový čas: 2011-11-24 23:09:18
ComboFix-quarantined-files.txt 2011-11-24 22:09
.
Před spuštěním: Volných bajtů: 24 299 503 616
Po spuštění: Volných bajtů: 24 671 944 704
.
- - End Of File - - 6AE8F24EA8C10C642076D41318D339D1

chris.h
Visitor
Posts: 121
Registered: 17 Nov 2011 12:20

Re: Please help, virus Rootkit.Agent.NUS Trojan horse

#89 Post by chris.h »

Second:


ComboFix 11-11-24.01 - OEM 24.11.2011 23:14:06.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.366 [GMT 1:00]
Spuštěný z: c:\documents and settings\OEM\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\OEM\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe . . . je infikován!!
.
c:\program files\Intel\Wireless\Bin\RegSrvc.exe . . . je infikován!!
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe . . . je infikován!!
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe . . . je infikován!!
.
c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe . . . je infikován!!
.
Nakažená kopie c:\windows\system32\msiexec.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\msiexec.exe
.
.
--------------- FCopy ---------------
.
c:\swtools\DRIVERS\TPBTooth\Win32\drivers\btwusb.sys --> c:\windows\System32\Drivers\btwusb.sys
c:\drivers\other\x86\ibmpmsvc.exe --> c:\windows\system32\ibmpmsvc.exe
c:\swtools\APPS\AWAYTASK\AwayTask\IPSSVC.exe --> c:\windows\system32\IPSSVC.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-24 do 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 22:13 . 2007-02-27 10:09 36400 ----a-w- c:\windows\system32\ibmpmsvc.exe
2011-11-24 22:13 . 2007-01-24 09:27 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-11-24 12:19 . 2007-01-30 03:05 108080 ----a-w- c:\windows\system32\IPSSVC.EXE
2011-11-24 07:57 . 2008-04-14 07:51 155136 ------w- c:\windows\system32\mssha.dll
2011-11-24 07:53 . 2011-11-24 07:58 -------- d-----w- c:\windows\ServicePackFiles
2011-11-24 07:45 . 2006-12-28 23:31 19569 ----a-w- c:\windows\002734_.tmp
2011-11-23 21:58 . 2011-11-23 21:58 -------- d-----w- c:\documents and settings\OEM\Data aplikací\Malwarebytes
2011-11-23 21:58 . 2011-11-23 21:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-23 21:58 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 21:58 . 2011-11-23 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-20 23:49 . 2008-04-14 07:52 78848 ----a-w- c:\windows\system32\msiexec.exe
2011-11-20 23:49 . 2008-06-20 11:40 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-20 10:31 . 2011-11-20 10:31 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-11-19 13:37 . 2011-11-19 13:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2011-11-18 11:22 . 2011-11-17 22:57 133208 ----a-w- c:\windows\system32\drivers\10418741.sys
2011-11-17 20:38 . 2011-11-17 22:57 133208 ----a-w- c:\windows\system32\drivers\44042542.sys
2011-11-17 16:38 . 2011-11-24 09:28 -------- d-----w- c:\program files\trend micro
2011-11-17 14:59 . 2011-11-18 08:19 -------- d-----w- c:\documents and settings\OEM\Data aplikací\AVI ReComp
2011-11-17 14:58 . 2011-11-17 14:58 -------- d-----w- c:\program files\Gabest
2011-11-17 14:58 . 2011-11-17 14:58 -------- d-----w- c:\program files\Xvid
2011-11-17 14:57 . 2011-11-17 14:57 -------- d-----w- c:\program files\AviSynth 2.5
2011-11-17 14:54 . 2011-11-17 14:58 -------- d-----w- c:\program files\AVI ReComp
2011-11-17 14:45 . 2011-11-17 14:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2011-11-17 11:55 . 2011-11-17 11:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2011-11-17 11:48 . 2011-11-17 11:48 -------- d-----w- c:\program files\ESET
2011-11-17 09:09 . 2011-11-17 11:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-11-16 18:37 . 2011-11-17 12:35 -------- d-sh--w- c:\documents and settings\OEM\Local Settings\Data aplikací\632ff156
2011-11-08 08:54 . 2011-11-08 09:58 -------- d-----w- c:\program files\WAS
2011-10-30 18:14 . 2011-10-30 18:14 -------- d-----w- c:\documents and settings\OEM\Data aplikací\Search Settings
2011-10-30 18:13 . 2011-11-17 12:47 -------- d-----w- c:\program files\Application Updater
2011-10-30 18:13 . 2011-10-30 18:13 -------- d-----w- c:\program files\IObit Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 18:31 . 2011-10-24 18:31 89680 ----a-w- c:\documents and settings\OEM\MSSSerif120.fon
2011-10-24 18:31 . 2011-10-24 18:31 64544 ----a-w- c:\documents and settings\OEM\MSSSerif96.fon
2011-11-11 22:07 . 2011-04-30 04:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-12 196608]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-12 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-03-29 181808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ISUSPM Startup"="c:\program files\Common Files\Installshield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\OEM\Nabídka Start\Programy\Po spuštění\
AccuWeather.lnk - c:\documents and settings\OEM\Dokumenty\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2011-8-18 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 21:17 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 16:04 278016 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-28 07:59 220552 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Resources\\Adobe AIR Updater.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\ASC.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Dokumenty\\AccuWeather.com Stratus\\AccuWeather.com Stratus.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Ask.com\\Updater\\Updater.exe"=
"c:\\Program Files\\AVI ReComp\\AVIReComp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2.3.2007 17:47 19760]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.3.2007 22:10 11152]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13.9.2006 12:42 35264]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe --> c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [?]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" --> c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [?]
S3 HCYDLAH;HCYDLAH;c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe --> c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-24 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-10 14:40]
.
2011-11-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-11-20 16:15]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2011-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.09\MediaManager\grab.html
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 212.80.66.7
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=en_EU&apn_uid=0e4ab43d-827c-4778-b5c5-ceeb7f5719f5&apn_ptnrs=^AAA&apn_sauid=A361D9EB-CC1A-4B61-B407-66CFE0F66674&apn_dtid=^YYYYYY^YY^CZ&&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 23:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
.
- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-24 23:28:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-24 22:28
ComboFix2.txt 2011-11-24 22:09
.
Před spuštěním: Volných bajtů: 24 692 531 200
Po spuštění: Volných bajtů: 24 647 598 080
.
- - End Of File - - 5DD2D973D128A31CFEACEB2CBA9DB4E6

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\Adobe AIR\\Versions\\1.0\\Resources\\Adobe AIR Updater.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\ASC.exe"=
"c:\\Program Files\\IObit\\Advanced SystemCare 4\\AutoUpdate.exe"=
"c:\\Documents and Settings\\OEM\\Dokumenty\\AccuWeather.com Stratus\\AccuWeather.com Stratus.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\MFAData\\SelfUpd\\avgmfapx.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Ask.com\\Updater\\Updater.exe"=
"c:\\Program Files\\AVI ReComp\\AVIReComp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7.1.2009 23:39 20744]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2.3.2007 17:47 19760]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.3.2007 22:10 11152]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13.9.2006 12:42 35264]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe --> c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [?]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" --> c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [?]
S3 HCYDLAH;HCYDLAH;c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe --> c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Naplánované úlohy' (Scheduled Tasks) folder
.
2011-11-24 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-08-10 14:40]
.
2011-11-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-11-20 16:15]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2007-11-20 c:\windows\Tasks\Připomenutí registrace 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-11-20 07:52]
.
2011-11-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.09\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.09\MediaManager\grab.html
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 212.80.66.7
FF - ProfilePath - c:\documents and settings\OEM\Data aplikací\Mozilla\Firefox\Profiles\6jts2rqn.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=en_EU&apn_uid=0e4ab43d-827c-4778-b5c5-ceeb7f5719f5&apn_ptnrs=^AAA&apn_sauid=A361D9EB-CC1A-4B61-B407-66CFE0F66674&apn_dtid=^YYYYYY^YY^CZ&&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-24 23:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden 'Po spuštění' (Startup) entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
.
- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-24 23:28:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 22:28
ComboFix2.txt 2011-11-24 22:09
.
Pre-Run: 24,692,531,200 bytes free
Post-Run: 24,647,598,080 bytes free
.
- - End Of File - - 5DD2D973D128A31CFEACEB2CBA9DB4E6
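Added example (not part of chris.h's post, and not a tool from viry.cz, ComboFix or ESET): a small Python script that does, over a ComboFix log like the one above, the checks a helper otherwise does by eye. It flags a service or driver whose image path sits under a Temp directory, every entry ComboFix marked with "[?]" (file not found at the logged path), and every Security Center override or DisableMonitoring value that is set, which is what silences the XP firewall and antivirus warnings. The sample lines are an excerpt copied from the log above; the regular expressions and the category names are my own assumptions about ComboFix's line layout. A flagged line is only a pointer for a human to examine, not a verdict that the file is malicious.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted
# above, enough to exercise every check below. Any full log can be fed in instead.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
S3 HCYDLAH;HCYDLAH;c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe --> c:\docume~1\OEM\LOCALS~1\Temp\HCYDLAH.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# Assumed ComboFix service line layout:
# "<R|S><start type> <name>;<display name>;<image path> [date size]"  or
# "... ;<logged path> --> <resolved path> [?]" when the file was not found.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")
# Registry section header and a dword value inside it
SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# A legitimate service or driver almost never has its image under a Temp folder
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Security Center values that, when nonzero, suppress the XP security warnings
SC_KEY_PREFIX = r"hkey_local_machine\software\microsoft\security center"
SC_VALUES = {"antivirusoverride", "firewalloverride", "updatesoverride", "disablemonitoring"}


def parse_service(line):
    """Return a dict for a ComboFix service/driver line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start_type, name, display, rest = m.groups()
    rest = rest.strip()
    # ComboFix appends "[?]" when the file was not found at the logged path
    file_missing = rest.endswith("[?]")
    # "logged path --> resolved path [..]": keep the resolved one, drop the "[..]" tail
    path = rest.split("-->")[-1].rsplit(" [", 1)[0].strip()
    if path.startswith("\\??\\"):  # NT object-manager prefix used on some drivers
        path = path[4:]
    return {
        "name": name.strip(),
        "state": state,            # R = running, S = stopped
        "start_type": int(start_type),
        "path": path,
        "file_missing": file_missing,
    }


def triage(log_text):
    """Scan a ComboFix log and return a sorted list of (category, detail) findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            continue
        val = DWORD_RE.match(line)
        if val and section.startswith(SC_KEY_PREFIX):
            name, hexval = val.groups()
            if name.lower() in SC_VALUES and int(hexval, 16) != 0:
                findings.append(("security-center", f"{name}={int(hexval, 16)} under [{section}]"))
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        if TEMP_PATH_RE.search(svc["path"]):
            findings.append(("temp-service", f"{svc['name']} -> {svc['path']}"))
        if svc["file_missing"]:
            findings.append(("missing-file", f"{svc['name']} -> {svc['path']}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {detail}")
```

Run against the excerpt it reports three Security Center values that are set, one service pointing into the user's Temp folder, and two entries whose file ComboFix could not find. The "missing-file" category needs judgement: a leftover entry from an uninstalled tool (the MBAMSwissArmy driver here belongs to Malwarebytes) looks the same in the log as the remains of something removed by a cleaner, so the script only narrows the list to look at.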
