Prosim o kontrolu

Zpráva

aswed · #1 Příspěvek od **aswed** » 01 úno 2012 08:39

Dobry den,

Prosim o kontrolu logu, za par dni budu reinstalovat pc. Jedna se mi hlavne o kontrolu viru na disku D kde mam veskera data (jeden disk v ntbk rozdelen na dve casti). Nedavno mi antivir cosi hlasil pri brouzdani internetem, bohuzel dokoncoval jsem diplomou praci a uz nevim na co sem kliknul ani co to psalo (pouzival jsem NOD bohuzel mi vyprsela licence). Prikladam log jak z Hijackthis tak MWAV. Nevim jestli toto je spravny postup na hledani viru mimo systemovy disk.Pripade nejasnosti rad doplnim. Dekuji

Object "AntiMalware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.Borzoi Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.Borzoi Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.Borzoi Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.Borzoi Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.Borzoi Spyware/Adware" found in File System! Action Taken: No Action Taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:29, on 1.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Install\Antiviry\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7500107828
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 15320 bytes

#2 Příspěvek od **vyosek** » 01 úno 2012 11:14

Zdravim a pekny den preji

Odinstalujte ICQToolBar a facemoods Toolbar a tez facemoods samotne

Dejte log z RSIT http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 - je podrobnejsi nez HJT

aswed · #3 Příspěvek od **aswed** » 01 úno 2012 15:39

odinstaloval jsem jak icq toolbar tak facemoods toolbar nicmene samotny facemood jsem v naistalovanych programech nenasel, ani jednu z sluzbu nevyuzivam a v prohlizeci mam vypnute, koukal jsem ze odintalovani techto "utilit" doporucujete v 90% pripadu, z jakeho duvodu prosim?

Nize prikladam log z rsit, log z mwav je v prvnim postu hned pod mnou psanym textem.

Dekuji za Vas cas

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-02-01 15:35:23
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (18%) free of 20 GB
Total RAM: 2046 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:28, on 1.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
D:\Install\Antiviry\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/sm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7500107828
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 14870 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{609918D2-80F4-46CA-AC9D-E9CDAE70068B}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=SP_ss ... D=17981&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"fe_9.0@nokia.com"=C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\extensions\
ffxtlbr@babylon.com
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2011-01-14 337256]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2010-07-21 55120]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2009-07-23 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [2009-07-23 124248]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2262312]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"LenovoAutoScrollUtility"=C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [2010-04-01 43960]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2009-12-01 256576]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2011-04-14 431464]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2011-04-14 189800]
""= []
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2010-09-27 5896656]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
C:\Program Files\ConMet\ConMet.exe [2011-05-06 4042240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
C:\Program Files\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2262312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2012-01-14 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2009-07-08 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Phone Remote Control.lnk]
C:\PROGRA~1\PHONER~1\PHONER~1.EXE [2009-06-06 565064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2011-04-14 38248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-07-21 100176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\StrongDC\StrongDC.exe"="C:\Program Files\StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 13\ArchiCAD.exe:*:Enabled:ArchiCAD 13.0.0 Component"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-02-01 15:35:23 ----D---- C:\rsit
2012-02-01 15:35:23 ----D---- C:\Program Files\trend micro
2012-02-01 14:25:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Nokia Suite
2012-02-01 14:13:35 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2012-02-01 14:13:20 ----D---- C:\Program Files\PC Connectivity Solution
2012-02-01 14:12:39 ----A---- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2012-02-01 14:12:37 ----A---- C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2012-02-01 14:12:34 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2012-02-01 14:12:33 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2012-02-01 14:12:30 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2012-02-01 14:12:28 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2012-02-01 02:05:49 ----AD---- C:\WINDOWS\rundll16.exe
2012-02-01 02:05:49 ----AD---- C:\WINDOWS\logo1_.exe
2012-02-01 01:28:07 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-02-01 01:03:41 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-02-01 01:03:40 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-02-01 01:03:35 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-02-01 01:03:35 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-02-01 01:03:34 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2012-02-01 01:03:32 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-02-01 01:03:32 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-02-01 01:03:32 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-02-01 01:02:28 ----A---- C:\WINDOWS\avastSS.scr
2012-02-01 01:02:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-02-01 01:01:46 ----D---- C:\Program Files\AVAST Software
2012-02-01 01:01:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2012-02-01 00:13:10 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-02-01 00:13:09 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-01-05 19:35:29 ----A---- C:\WINDOWS\system32\vchelpex.sys
2012-01-05 17:58:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2012-01-05 17:57:52 ----D---- C:\Program Files\Common Files\Adobe Systems Shared

======List of files/folders modified in the last 1 month======

2012-02-01 15:35:23 ----RD---- C:\Program Files
2012-02-01 15:35:08 ----D---- C:\WINDOWS\Temp
2012-02-01 15:35:01 ----A---- C:\WINDOWS\wincmd.ini
2012-02-01 15:29:55 ----SD---- C:\WINDOWS\Tasks
2012-02-01 15:29:52 ----D---- C:\WINDOWS\Prefetch
2012-02-01 15:27:51 ----A---- C:\WINDOWS\system32\PROCDB.INI
2012-02-01 15:27:42 ----D---- C:\WINDOWS
2012-02-01 15:26:58 ----D---- C:\WINDOWS\system32
2012-02-01 15:26:58 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2012-02-01 15:25:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-01 15:25:19 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-01 15:23:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AIMP
2012-02-01 14:57:27 ----D---- C:\WINDOWS\system32\CatRoot
2012-02-01 14:56:47 ----HD---- C:\WINDOWS\inf
2012-02-01 14:55:42 ----D---- C:\WINDOWS\system32\drivers
2012-02-01 14:29:22 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-01 14:19:27 ----SHD---- C:\WINDOWS\Installer
2012-02-01 14:16:53 ----D---- C:\Program Files\Common Files\Nokia
2012-02-01 14:16:48 ----D---- C:\Program Files\Nokia
2012-02-01 14:16:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nokia
2012-02-01 14:16:22 ----D---- C:\WINDOWS\WinSxS
2012-02-01 14:13:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-02-01 01:49:52 ----A---- C:\WINDOWS\win.ini
2012-02-01 00:27:34 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2012-02-01 00:21:08 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Media Player Classic
2012-02-01 00:11:57 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Download Manager
2012-02-01 00:01:58 ----D---- C:\Program Files\Common Files\Lenovo
2012-02-01 00:01:54 ----D---- C:\Program Files\Lenovo
2012-01-27 14:33:17 ----D---- C:\Program Files\StrongDC
2012-01-26 20:03:12 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AnkamaCertificates
2012-01-26 00:18:27 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Dofus 2
2012-01-21 12:25:24 ----D---- C:\Program Files\Common Files\Svoboda Software
2012-01-21 09:59:58 ----D---- C:\WINDOWS\system32\oodag
2012-01-20 12:12:37 ----D---- C:\WINDOWS\Minidump
2012-01-20 12:12:37 ----D---- C:\WINDOWS\Debug
2012-01-13 23:29:45 ----D---- C:\Program Files\Common Files\Adobe
2012-01-13 23:26:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-01-10 20:31:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-10 13:07:52 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2012-01-05 18:03:40 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AdobeUM
2012-01-05 17:57:52 ----D---- C:\Program Files\Common Files
2012-01-05 17:54:10 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DozeHDD;DozeHDD; C:\WINDOWS\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2011-01-13 122992]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-19 664064]
R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2011-04-08 11520]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2011-05-10 12144]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-03-09 7168]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2010-06-02 19384]
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-06-21 533024]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-07-09 991264]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2008-02-04 37032]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-06-21 45984]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2010-06-02 993464]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2010-06-02 217016]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-02-01 31984]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
R3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2011-05-05 1344560]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2009-12-08 52112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
R3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
R3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2010-06-02 738360]
R3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2011-04-14 103784]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2009-09-24 475220]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2011-04-14 243048]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2009-07-08 349528]
R2 DozeSvc;Lenovo Doze Mode Service; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-02-01 38760]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2011-07-25 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2008-04-14 3584]
S2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-01-05 69632]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-10-19 651720]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2011-01-13 40048]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-10-19 435016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 01 úno 2012 15:50

Odinstalovani doporucujem, resp. to mazem z duvodu, ze je to havet typu adware - zadny uzitek jen otravuje reklamou a zpomaluje PC

Na NOD jste tam mel koukam pekny crack

Tak doufam ze zustanem u toho free reseni Avastem

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

aswed · #5 Příspěvek od **aswed** » 01 úno 2012 18:05

ano priznavam pouzival jsem cracknuty nod, snad je polehcujici okolnosti prechod na freeware antivir, neutece vam nic.

prikladam log z MBAM

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.01.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GOCA [administrátor]

Ochrana: Povolena

1.2.2012 16:37:43
mbam-log-2012-02-01 (18-00-30).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 269278
Uplynulý čas: 1 hodin, 20 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Mohu timto svuj pocitac povazovat za cisty?

#6 Příspěvek od **vyosek** » 01 úno 2012 18:06

No neutece - v tom je know-how umeni cteni logu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

aswed · #7 Příspěvek od **aswed** » 01 úno 2012 18:12

Neuveritelna rychlost.. +1! jdu na to

#8 Příspěvek od **vyosek** » 01 úno 2012 18:21

OK, pockam na log

aswed · #9 Příspěvek od **aswed** » 01 úno 2012 18:48

zde je log z combofixu, nynu muzu zase vsechny bezpecnostni programy zapnout?

ComboFix 12-02-01.01 - Administrator 01.02.2012 18:24:44.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1178 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET9878.tmp
c:\windows\system32\SET9879.tmp
c:\windows\system32\SET9882.tmp
c:\windows\system32\SET9885.tmp
c:\windows\system32\SET9886.tmp
c:\windows\system32\SET988B.tmp
c:\windows\system32\taskmgr.com
.
----- Souboroví replikátoři -----
.
c:\program files\Lenovo\System Update\session\kb896613ar\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613ar\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613br\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613br\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613cz\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613cz\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613dk\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613dk\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613en\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613en\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613fi\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613fi\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613fr\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613fr\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613gk\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613gk\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613gr\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613gr\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613hb\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613hb\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613hu\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613hu\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613it\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613it\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613jp\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613jp\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613kr\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613kr\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613nl\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613nl\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613no\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613no\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613pl\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613pl\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613po\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613po\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613ru\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613ru\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613sc\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613sc\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613sp\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613sp\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613sv\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613sv\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613tc\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613tc\trueoslang.exe
c:\program files\Lenovo\System Update\session\kb896613tr\multirc_run.exe
c:\program files\Lenovo\System Update\session\kb896613tr\trueoslang.exe
c:\program files\Lenovo\System Update\session\osdc01jp\multirc_run.exe
c:\program files\Lenovo\System Update\session\osdc01us\multirc_run.exe
c:\program files\Lenovo\System Update\session\osx516jp\multirc_run.exe
c:\program files\Lenovo\System Update\session\osx516us\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\7vuy02ew\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613ar\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613ar\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613br\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613br\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613cz\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613cz\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613dk\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613dk\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613en\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613en\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613fi\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613fi\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613fr\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613fr\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613gk\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613gk\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613gr\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613gr\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613hb\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613hb\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613hu\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613hu\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613it\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613it\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613kr\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613kr\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613nl\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613nl\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613no\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613no\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613pl\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613pl\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613po\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613po\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613ru\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613ru\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613sc\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613sc\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613sp\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613sp\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613sv\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613sv\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613tc\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613tc\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613tr\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\kb896613tr\trueoslang.exe
c:\program files\Lenovo\System Update\session\tvsutemp\osdc01us\multirc_run.exe
c:\program files\Lenovo\System Update\session\tvsutemp\osx516us\multirc_run.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-01 do 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 15:35 . 2012-02-01 15:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2012-02-01 15:34 . 2012-02-01 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-01 15:34 . 2012-02-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 15:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 14:35 . 2012-02-01 14:35 -------- d-----w- C:\rsit
2012-02-01 14:35 . 2012-02-01 14:35 -------- d-----w- c:\program files\trend micro
2012-02-01 13:25 . 2012-02-01 13:25 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Nokia Suite
2012-02-01 13:13 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-01 13:13 . 2012-02-01 13:13 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-01 13:12 . 2011-11-01 09:07 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-02-01 13:12 . 2011-11-01 09:07 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-02-01 13:12 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-01 13:12 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-01 13:12 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-01 13:12 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-01 01:05 . 2012-02-01 01:05 -------- d---a-w- c:\windows\rundll16.exe
2012-02-01 01:05 . 2012-02-01 01:05 -------- d---a-w- c:\windows\logo1_.exe
2012-02-01 00:03 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-01 00:03 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-01 00:03 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-01 00:03 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-01 00:03 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-01 00:03 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-01 00:03 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-01 00:03 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-01 00:02 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-01 00:02 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-01 00:01 . 2012-02-01 00:01 -------- d-----w- c:\program files\AVAST Software
2012-02-01 00:01 . 2012-02-01 00:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-01-31 23:13 . 2012-01-31 23:13 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-01-31 23:13 . 2012-01-31 23:13 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-01-31 14:04 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{C086ABBE-844C-4BC5-8E6F-83F22CDDB066}\mpengine.dll
2012-01-05 18:35 . 2012-01-05 18:35 8 ----a-w- c:\windows\system32\vchelpex.sys
2012-01-05 16:58 . 2012-01-05 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Adobe Systems
2012-01-05 16:57 . 2012-01-05 16:57 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 23:55 . 2012-01-31 23:55 8243804 ----a-w- c:\windows\REGBK00.ZIP
2012-01-06 04:19 . 2010-10-19 18:46 6557240 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-07 09:08 . 2010-10-19 18:46 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-19 10:51 . 2011-05-20 05:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-30 12:02 . 2011-05-01 14:59 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files\QIP Infium\infium.exe" [2010-09-27 5896656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 55120]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-05-09 759144]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-05 2262312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2011-04-14 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-04-14 189800]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2012-1-5 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-07-21 15:28 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Phone Remote Control.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Phone Remote Control.lnk
backup=c:\windows\pss\Phone Remote Control.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
2011-05-06 17:23 4042240 ----a-w- c:\program files\ConMet\ConMet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-08-22 11:02 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-05-26 11:21 651264 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 09:45 2540800 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-05-05 18:31 2262312 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [19.10.2010 18:46 25968]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.10.2010 20:01 664064]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.1.2011 13:02 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.2.2012 1:03 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.2.2012 1:03 314456]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.6.2011 7:56 13680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.2.2012 1:03 20568]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [22.3.2011 7:50 22504]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [19.10.2010 18:46 292200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.2.2012 16:34 652360]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [28.6.2011 8:01 148840]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [28.6.2011 7:56 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28.6.2011 7:56 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 9:34 1021256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.2.2012 16:34 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 6:24 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28.6.2011 7:56 45496]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [14.4.2008 13:00 3584]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [19.10.2010 18:46 69632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [1.2.2012 14:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [1.2.2012 14:12 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-01 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 08:40]
.
2012-02-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2012-02-01 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-10-19 23:39]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{609918D2-80F4-46CA-AC9D-E9CDAE70068B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 147.229.190.143 147.229.191.143
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=5420fd820000000000000013cea4ea07&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17981&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-ACNotify - ACNotify.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-01 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-963894560-1547161642-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,79,34,8e,cf,20,f3,4a,83,e6,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,79,34,8e,cf,20,f3,4a,83,e6,36,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,79,34,8e,cf,20,f3,4a,83,e6,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="3489CDC89109688876E3E0199945FE81754C0468A53C275E163BEA2F1A667BA4B837FBD8C788917E9FBB81BE10C2AF99D006E26517838D5315967A1A833532B50120EACED7D0D3C111AC96524CAD568DD0A31957C730C9B1191DD442DEC00484D8FA96546890C9A5EEDD3F1D1FB7805D95E683BED29AF646DCC3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794A6A0AC4980AC7933D37D0EED2FC1DE3BB564D99479967436B139B3D8A27BE3563CC45CAD2A5B2AE0C563A1F59B9248A37CD08D6551163B8119352B3E50F30C56BA105CDB2C9E61265EE5B302FA8B329DD0CB7090E0197A61C7B6F973A2D20D32F9A176EF4E7A6456D103EB3BF0E393E22991F2E35B23C14617D3760AFD09302BD18E8EE4C76B55281CECD52123498A3EBF8E6905F930C530235A61694A7CE198601E6986D066FAE5F9866083BCDA569015E70C68F5AADF334BC7D9CFF408B66586CC3375A851C070EEECDF09EB2CD9CEEC71775910F40DF93650E44BED79638E69CC78270F8735BABF6A8AAB64C59C00CCB72C758C63EE41C85C6EC02B93C127F000AD654B580CCBF7827D385C24CCC101788FB2333FC85BB006C1E6A38A4FD44C82A8CAA5079ABF64E9B5528DB6B84297A568D44E4604ABDE9D1149D50AAED26C1DA2496ECA5EC3988A18ED3862D5C7E4E6E2F8AEA8AE2D86267148402F256E05D23BA473CC739DE902EC551D7E39A90096910C270B776C9FD75C98698B1D0A905774F70D2E1EA272215D278456A0D44342E6511008358A671E2FBFD927A49BCA14342D9481C53F90EDFAD438AAEB494EAD3CDEC52BE03DDC982B9B1DF9EC2FB623C507E6CC74F1E5A238A287301F9A044ECDA1267596CCC39A765BC4F3CB619858D699660C58CED9AB6BACC40E61F10C4F3B56165D9698A62B9982E474BCE479B5FA4D78AE467C16AAD15F46DF7F0B508F0A11FBCA4710CE0683689654DB00A5F4A6DF861634B787F48A7C66376837022022B7459AB0B8CD9B833AF55C6C8DAF023561FD9ABCCD6195181A051731D912C95085DF9E00AC788ECF7624C9527BECFC66B651861EA199C862A104F6106A39844488C09B06986636827146CF99CAF43C5A19F59A3D2DEA01B4D14AC4E277F20192A5DE4AB73DF21F18D28393EF93A6C69915E4089F79D2623EBB42DD281FFCA0341136572EF13E08F2168AB0267FA2D88D8B9CF571A7934792C45B1905965BFA8456C6E4A59D2D64D70C89B3B2CC4DE403301E7F00E8333D29A7873C40A5545846559307FE3EE85CEFD6371F2FCDCF8D2F0D6FB43E847C065EF03C05C5A974B99A3FA4C740E55B4B48EF4BE75A6818AB277E1B97C3587D16EF04F522269109D08B9C84A212B836BFD322037A"
"OODEFRAG11.00.00.01WORKSTATION"="0E80A70C8A31355BA5D39EA10F3AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794A6A0AC4980AC7933918B80664CF9AD0ACE5D1789AEEC766A08938EA56292CA9FE7AED13543638A0DBFD4B28E7122962287C2019D98F6EF81F01CB06F4FDBE274887F8F137E664AAE6AF010BF5D515B6582131AD6F95D823060AAF4AB558558BF9A7FBCA68FFC96E23EFCE72A9DFD2F5954AD62D319EF667773062D06955181A0E2F91A498F7D0703C9E58F73E4B68B32F647DE26DE11118BAD46AF9C4F9777E68E0CEF4638D3751D046F5CB4059CAADF476698D55A37C2D574D6D503ECC299192C28875E6A828075422FAAF9F8658E7D07671BDABDEA7AF11479FC4076D288F0AF9231C32A1C0D01C312DAC4DDD97BE15BFA78A3DC4DFDAFB74387CE1DD9ABDA70673FA0A0CA426A28D4D08B7256F7924FA3C313340E5694F39BDA1EB281ACF8A812079017480A91F20BF2359D4E514B4D39967EDE74D159BEC15F912E82F9A179D563A1006694870C1CAD1F68C417FCA8680DAFA15A00E973448300A92D465D6548345AED88D4134242701B7ED41E4A9730C8E5DFAF37E6CE88B933E5E406E95452DBB2182801AE440B2F6E31A9FD0A31E46ED1A5748FA574C7776BC420F33811334114DBD0940AA6DBE05175071349F4AD2599204167ADE90F355CCCEB90EECA7BCCE039A2CF06E16982716440FD4642861BD8A03E5EBB9ABEF1ABA9E51AE61611706CD2D2353B533F926FBABFA17460BF009B9D2B5B41540A2E75AA421AAEE9AE9C7FEFA88BF1B93C1560D882A6FC787C09642F5807E148FB7048C0C7D8852160C7D4FE01DE2A3A1212CCC499FAB917B46EA9162F4D750F70C2A60452E463FA0AED1D8E4B7D155E4914B2A62BCBBAADB4ECD53427DF8AA298B108AFCF90711CDF8D7B538CF91B103B2C824C6E1043929B45460DCF35DE60F84ED723C4F10B0A6CA80AA35DADD4A1976C2125B2FDCBFDDCBC4DCB4B846A0BE930745F496344B20D46D2FB69B112C7E0EDE8C7D8917E0EC09B30BD504D52499870B00D0603E1E274F1D77C71665599EC4C25EA558CBC44E42E2AD5A7CEF52586ABD4F5BC325CCFA6370AE9C86DD493682617EDB2729885B545E82AB10EE38E86051B8ABF1862907FAC54AAD8307A17D01FF4508C0BD91BF7358D725F55E0D543A1325CF51E551F2B6692CB1D57E4E7F8E0E63695E27B3345D72F8FB6B166B1B92ABE21DAF2CADC2C8092FBA654E7AE08140A6A93C92EDF87085801D273A03D38CC54B6FD890C8CD6181A90195809F7F8EAEFD85DD35514FEA784ED61B06FF7E5BB829A031616D45851E1002CDB043319171C92625987ABBF1CA8A0A5C1E8C1BAACC46F21141C42AAD193E72E1AC5B50E"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1224)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'lsass.exe'(1352)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5476)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\acs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
.
**************************************************************************
.
Celkový čas: 2012-02-01 18:46:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-01 17:46
.
Před spuštěním: 3 584 012 288
Po spuštění: 3 659 739 136
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0D37483AE9DB30ECA8BD8AF5E77E07D5

#10 Příspěvek od **vyosek** » 01 úno 2012 19:50

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Adobe ARM"=-
"Malwarebytes' Anti-Malware"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Phone Remote Control.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

Driver::
NOD32FiXTemDono
NMIndexingService

Folder::
C:\Program Files\facemoods.com

File::
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-1.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-2.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-3.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-4.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-5.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-6.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-7.xml
C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin.xml
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Automatic troubleshooting.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{609918D2-80F4-46CA-AC9D-E9CDAE70068B}.job

DDS::
uStart Page = hxxp://start.icq.com/sm

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss ... D=17981&q=

RegLock::
[HKEY_USERS\S-1-5-21-602162358-963894560-1547161642-500\Software\Microsoft\Internet Explorer\User Preferences]

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Replicator::

AtJob::

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

aswed · #11 Příspěvek od **aswed** » 01 úno 2012 20:39

snad jsem to udelal spravne:)

ComboFix 12-02-01.01 - Administrator 01.02.2012 20:18:36.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1380 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-1.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-2.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-3.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-4.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-5.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-6.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin-7.xml"
"c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\searchplugins\icqplugin.xml"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\Automatic troubleshooting.job"
"c:\windows\tasks\User_Feed_Synchronization-{609918D2-80F4-46CA-AC9D-E9CDAE70068B}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NMINDEXINGSERVICE
-------\Service_NMIndexingService
-------\Service_NOD32FiXTemDono
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-01 do 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 15:35 . 2012-02-01 15:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2012-02-01 15:34 . 2012-02-01 15:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-01 15:34 . 2012-02-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 15:34 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 14:35 . 2012-02-01 14:35 -------- d-----w- C:\rsit
2012-02-01 14:35 . 2012-02-01 14:35 -------- d-----w- c:\program files\trend micro
2012-02-01 13:25 . 2012-02-01 13:25 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Nokia Suite
2012-02-01 13:13 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-01 13:13 . 2012-02-01 13:13 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-01 13:12 . 2011-11-01 09:07 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-02-01 13:12 . 2011-11-01 09:07 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-02-01 13:12 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-02-01 13:12 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-02-01 13:12 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-02-01 13:12 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-02-01 01:05 . 2012-02-01 01:05 -------- d---a-w- c:\windows\rundll16.exe
2012-02-01 01:05 . 2012-02-01 01:05 -------- d---a-w- c:\windows\logo1_.exe
2012-02-01 00:03 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-01 00:03 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-01 00:03 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-01 00:03 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-01 00:03 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-01 00:03 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-01 00:03 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-01 00:03 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-01 00:02 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-01 00:02 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-01 00:01 . 2012-02-01 00:01 -------- d-----w- c:\program files\AVAST Software
2012-02-01 00:01 . 2012-02-01 00:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-01-31 23:13 . 2012-01-31 23:13 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-01-31 23:13 . 2012-01-31 23:13 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-01-31 14:04 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{C086ABBE-844C-4BC5-8E6F-83F22CDDB066}\mpengine.dll
2012-01-05 18:35 . 2012-01-05 18:35 8 ----a-w- c:\windows\system32\vchelpex.sys
2012-01-05 16:58 . 2012-01-05 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Adobe Systems
2012-01-05 16:57 . 2012-01-05 16:57 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 23:55 . 2012-01-31 23:55 8243804 ----a-w- c:\windows\REGBK00.ZIP
2012-01-06 04:19 . 2010-10-19 18:46 6557240 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-07 09:08 . 2010-10-19 18:46 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-19 10:51 . 2011-05-20 05:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-30 12:02 . 2011-05-01 14:59 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-01_17.40.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-01 19:32 . 2012-02-01 19:32 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 55120]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-05-09 759144]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-05 2262312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2011-04-14 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-04-14 189800]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2012-1-5 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-07-21 15:28 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
2011-05-06 17:23 4042240 ----a-w- c:\program files\ConMet\ConMet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess]
2009-05-26 11:21 651264 ----a-w- c:\program files\Nokia\PC Internet Access\NPCIA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-05-05 18:31 2262312 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 13\\ArchiCAD.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [19.10.2010 18:46 25968]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.10.2010 20:01 664064]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.1.2011 13:02 20592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1.2.2012 1:03 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1.2.2012 1:03 314456]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.6.2011 7:56 13680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.2.2012 1:03 20568]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [22.3.2011 7:50 22504]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [19.10.2010 18:46 292200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.2.2012 16:34 652360]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [28.6.2011 8:01 148840]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [28.6.2011 7:56 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28.6.2011 7:56 64440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.11.2009 9:34 1021256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.2.2012 16:34 20464]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 6:24 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28.6.2011 7:56 45496]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [19.10.2010 18:46 69632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [1.2.2012 14:12 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [1.2.2012 14:12 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-01 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 08:40]
.
2012-02-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2012-02-01 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-10-19 23:39]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{609918D2-80F4-46CA-AC9D-E9CDAE70068B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 147.229.190.143 147.229.191.143
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tuu4uj8h.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-01 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1684)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'lsass.exe'(1816)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5852)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Celkový čas: 2012-02-01 20:38:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-01 19:38
ComboFix2.txt 2012-02-01 17:46
.
Před spuštěním: 3 654 881 280
Po spuštění: 3 634 782 208
.
- - End Of File - - 5312222BD1DC436EE7AB71372B54D27F

#12 Příspěvek od **vyosek** » 01 úno 2012 20:43

Ano, udelal...jak se chova PC

aswed · #13 Příspěvek od **aswed** » 01 úno 2012 21:02

zkusil jsem jeste jednou restart, pri spousteni pc akorat "pribyla" obrazovka s vyberem jaky system chci spustit ale ta se behem par sekund sama potvrdi a system startuje dal. tuneup utilities mi po obou skenech mbam mi hlasi 2 doporuceni viz ss. Pokud se mela zvysit rychlost systemu tak jsem zmenu nezaznamenal.

Rad bych se zeptal jestli vami napsana oprava odstranovala skodlivou nebo upravovala nastaveni win a programu jako takovych, jak jsem psal na zacatku slo mi hlavne o cistotu disku D ze nehoz chci data pri reinstalu zachovat. Windowsy jsou nekolika mesicnim uzivanim ve stresu znacne zanesena alespon podle klesajici tendence vykonu se tak zda. ptam se proto jestli mam posilat log jeste po reinstalu win pro nasledne vyladeni, co jsem posledne takto dukladne cistil pc vim ze tam dochazelo ke kolizi nejakch programu ci casti win a cosi jsem s tim na zaklade vasich rad delal.

Dekuji za vas cas a ochotu

: Bez názvu.JPG (53.97 KiB) Zobrazeno 888 x

#14 Příspěvek od **vyosek** » 02 úno 2012 09:38

Co se tyce doporucenich TU, muzete prijmout

nejaka drobna havet tam byla ale disk s daty se mi zda cisty

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Prosim o kontrolu

Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu