
Please analyze the log - nimnul?

czernoch (Visitor, Posts: 12, Registered: 26 Mar 2011 19:39)

#1 Post by czernoch »

It is probably the Nimnul virus, please advise. I can't make any headway with it myself.
Thank you.

Logfile of random's system information tool 1.08 (written by random/random)
Run by IBM ThinkPad X31 at 2011-03-27 15:31:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (6%) free of 76 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:31:27, on 27.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\IBM ThinkPad X31\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\IBM ThinkPad X31.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25517
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\iabstplb\qgsfesrr.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_23.03.2011_20-11[1].lnk = C:\Documents and Settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0977998469
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 9479 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39}]
PDFXChange 4.0 - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2010-02-02 422168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - PDFXChange 4.0 - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2010-02-02 422168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2009-06-26 92960]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 647649]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 254391]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1548780]
"ATIModeChange"=C:\WINDOWS\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-10-28 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\Program Files\Microsoft Security Essentials\msseces.exe -hide -runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe [2011-03-27 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2011-03-27 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE [2010-01-21 2057536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE [2010-01-21 9136960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2011-03-27 123904]

C:\Documents and Settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_23.03.2011_20-11[1].lnk - C:\Documents and Settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\SYSTEM32\Ati2evxx.dll [2004-05-13 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\SYSTEM32\notifyf2.dll [2005-07-06 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\SYSTEM32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-03-27 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Download.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Download.exe:*:Enabled:ASUS Download Master Utility"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe"="C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-03-27 14:18:28 ----ASH---- C:\hiberfil.sys
2011-03-27 10:37:09 ----SHD---- C:\RECYCLER
2011-03-27 08:56:58 ----N---- C:\cureit-201103270235.exe
2011-03-27 08:56:53 ----A---- C:\drweb-600-win-space-pro-x86(4).exe
2011-03-26 21:29:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Backup
2011-03-26 21:23:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2011-03-26 20:33:20 ----D---- C:\Program Files\trend micro
2011-03-26 20:33:18 ----D---- C:\rsit
2011-03-26 20:12:49 ----SHD---- C:\WINDOWS\CSC
2011-03-26 20:12:38 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-26 19:43:49 ----A---- C:\ComboFix.txt
2011-03-24 08:37:55 ----ASH---- C:\pagefile.sys
2011-03-23 22:52:45 ----A---- C:\WINDOWS\system32\drivers\42445021.sys
2011-03-23 22:52:45 ----A---- C:\WINDOWS\system32\drivers\4244502.sys
2011-03-23 20:26:21 ----A---- C:\Boot.bak
2011-03-23 20:26:01 ----RASHD---- C:\cmdcons
2011-03-23 20:20:15 ----A---- C:\WINDOWS\zip.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\SWSC.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\SWREG.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\sed.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\PEV.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\NIRCMD.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\MBR.exe
2011-03-23 20:20:15 ----A---- C:\WINDOWS\grep.exe
2011-03-23 20:20:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-03-23 20:19:35 ----D---- C:\WINDOWS\ERDNT
2011-03-23 20:03:13 ----D---- C:\Qoobox
2011-03-22 23:30:19 ----D---- C:\Program Files\iabstplb
2011-03-13 20:11:18 ----D---- C:\20110313_Rokytnice
2011-03-12 01:50:39 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Windows Search
2011-03-09 19:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 19:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-08 23:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$

======List of files/folders modified in the last 1 months======

2011-03-27 15:18:58 ----D---- C:\Program Files\Mozilla Firefox
2011-03-27 15:18:18 ----D---- C:\WINDOWS\Temp
2011-03-27 15:12:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-27 15:11:36 ----SHD---- C:\WINDOWS\Installer
2011-03-27 15:11:35 ----D---- C:\Config.Msi
2011-03-27 15:11:34 ----RD---- C:\Program Files
2011-03-27 15:10:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2011-03-27 15:09:47 ----D---- C:\WINDOWS\system32
2011-03-27 15:04:43 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-27 15:04:43 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-27 15:04:43 ----D---- C:\WINDOWS\system32\drivers
2011-03-27 15:04:43 ----D---- C:\WINDOWS
2011-03-27 15:04:42 ----D---- C:\Program Files\Common Files
2011-03-27 15:03:31 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-27 14:57:50 ----SD---- C:\WINDOWS\Tasks
2011-03-27 14:57:22 ----HD---- C:\WINDOWS\inf
2011-03-27 14:32:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-27 10:51:09 ----D---- C:\WOLF3D
2011-03-27 07:50:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-27 07:50:33 ----D---- C:\Program Files\Windows Media Player
2011-03-27 07:47:22 ----D---- C:\Program Files\Outlook Express
2011-03-27 07:45:40 ----D---- C:\Program Files\Movie Maker
2011-03-27 07:37:06 ----D---- C:\Program Files\Internet Explorer
2011-03-27 00:09:00 ----A---- C:\WINDOWS\win.ini
2011-03-26 20:51:28 ----D---- C:\WINDOWS\Prefetch
2011-03-26 19:23:34 ----A---- C:\WINDOWS\system.ini
2011-03-26 19:18:32 ----D---- C:\WINDOWS\system32\config
2011-03-26 19:13:20 ----D---- C:\WINDOWS\AppPatch
2011-03-26 14:20:03 ----D---- C:\Program Files\ReaConverter 6.0 Standard
2011-03-26 13:41:53 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\RCP 6
2011-03-26 12:59:46 ----D---- C:\Program Files\BitTorrent
2011-03-26 12:58:00 ----D---- C:\WINDOWS\Help
2011-03-26 09:57:42 ----D---- C:\WINDOWS\Network Diagnostic
2011-03-26 08:53:54 ----D---- C:\Program Files\Windows Desktop Search
2011-03-26 05:57:30 ----D---- C:\Program Files\QuickTime
2011-03-25 21:19:26 ----D---- C:\Program Files\PC Connectivity Solution
2011-03-25 21:11:37 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Skype
2011-03-25 21:10:32 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\skypePM
2011-03-25 20:40:17 ----D---- C:\Program Files\AIMP2
2011-03-25 20:29:54 ----D---- C:\Program Files\Mozilla Firefox 3.6 Beta 5
2011-03-25 20:27:31 ----D---- C:\Program Files\The KMPlayer
2011-03-25 11:22:22 ----D---- C:\Program Files\Lenovo
2011-03-25 11:22:20 ----D---- C:\Program Files\ltmoh
2011-03-25 11:22:18 ----D---- C:\Program Files\Messenger
2011-03-25 11:21:08 ----D---- C:\Program Files\NetMeeting
2011-03-25 11:11:11 ----D---- C:\Program Files\totalcmd
2011-03-25 07:35:41 ----D---- C:\Program Files\BenchMarX
2011-03-25 07:35:40 ----D---- C:\Program Files\Cleaner 5 EZ
2011-03-25 07:35:29 ----D---- C:\Program Files\Codec Pack - All In 1
2011-03-25 07:35:20 ----D---- C:\Program Files\Common Files\ACD Systems
2011-03-25 07:34:17 ----D---- C:\Program Files\Common Files\Lenovo
2011-03-24 23:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-03-24 14:20:55 ----D---- C:\WINDOWS\system32\Restore
2011-03-24 08:10:08 ----D---- C:\WINDOWS\Debug
2011-03-23 22:57:15 ----SHD---- C:\System Volume Information
2011-03-23 20:26:21 ----RASH---- C:\boot.ini
2011-03-23 19:23:29 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-23 14:13:20 ----D---- C:\Program Files\Windows Media Connect 2
2011-03-19 13:33:51 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\AIMP
2011-03-09 19:44:54 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 19:44:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-03-09 19:21:24 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-07 18:47:05 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Miranda

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 42445021;42445021; C:\WINDOWS\system32\DRIVERS\42445021.sys [2009-09-25 128016]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 setup_9.0.0.722_23.03.2011_20-11[1]drv;setup_9.0.0.722_23.03.2011_20-11[1]drv; C:\WINDOWS\system32\DRIVERS\4244502.sys [2009-10-09 315408]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-13 672256]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-08-24 24872]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 119296]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2009-06-26 23080]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S0 42445022;42445022 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\42445022.sys []
S1 agnqjdhj;agnqjdhj; \??\C:\WINDOWS\system32\drivers\agnqjdhj.sys []
S1 bslphnyu;bslphnyu; \??\C:\WINDOWS\system32\drivers\bslphnyu.sys []
S1 isazgogh;isazgogh; \??\C:\WINDOWS\system32\drivers\isazgogh.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl13018c9d;MpKsl13018c9d; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys []
S1 MpKsl16ae708c;MpKsl16ae708c; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys []
S1 MpKsl43d728c9;MpKsl43d728c9; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys []
S1 MpKsl4d59e322;MpKsl4d59e322; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys []
S1 MpKsl6276b5bd;MpKsl6276b5bd; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys []
S1 MpKsl65c64585;MpKsl65c64585; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys []
S1 MpKslfaf5127b;MpKslfaf5127b; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys []
S1 MpKslff7a89cf;MpKslff7a89cf; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys []
S1 qtptyxsa;qtptyxsa; \??\C:\WINDOWS\system32\drivers\qtptyxsa.sys []
S1 rdbkdepf;rdbkdepf; \??\C:\WINDOWS\system32\drivers\rdbkdepf.sys []
S1 uidlypzj;uidlypzj; \??\C:\WINDOWS\system32\drivers\uidlypzj.sys []
S1 vmhyfnic;vmhyfnic; \??\C:\WINDOWS\system32\drivers\vmhyfnic.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RkPavproc1;RkPavproc1; \??\C:\WINDOWS\system32\drivers\RkPavproc1.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-03-04 709248]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-13 397312]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-08-24 38176]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 205243]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1282489]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 270753]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

czernoch
Visitor
Posts: 12
Registered: 26 Mar 2011 19:39

Re: please analyse the log - nimnul?

#2 Post by czernoch »

And the log from ComboFix too...

ComboFix 11-03-26.01 - IBM ThinkPad X31 27.03.2011 15:44:33.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.575 [GMT 2:00]
Spuštěný z: c:\documents and settings\IBM ThinkPad X31\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Parameters
-------\Service_Security
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-27 do 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 13:19 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-27 13:18 . 2011-03-18 17:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-27 13:18 . 2011-03-18 17:55 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-27 13:18 . 2011-03-18 17:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-27 13:18 . 2011-03-18 17:55 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-27 13:18 . 2011-03-18 17:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-27 13:18 . 2011-03-18 17:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-27 13:18 . 2011-03-18 17:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-27 13:18 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-27 13:18 . 2011-03-18 17:55 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-27 06:58 . 2011-03-27 06:58 -------- d-----w- c:\documents and settings\IBM ThinkPad X31\DoctorWeb
2011-03-27 06:56 . 2011-03-26 18:58 58750752 ------w- C:\cureit-201103270235.exe
2011-03-27 06:56 . 2011-03-26 23:57 106743912 ----a-w- C:\drweb-600-win-space-pro-x86(4).exe
2011-03-27 01:33 . 2011-03-27 01:33 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-03-26 22:08 . 2011-03-26 22:08 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-03-26 19:29 . 2011-03-26 19:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Backup
2011-03-26 19:23 . 2011-03-27 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panda Security
2011-03-26 18:51 . 2011-03-27 02:25 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-03-26 18:51 . 2011-03-27 02:25 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-03-26 18:51 . 2011-03-27 02:25 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-03-26 18:51 . 2005-04-03 22:02 69714 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-03-26 18:51 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-03-26 18:51 . 2011-03-26 18:51 331908 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-03-26 18:51 . 2011-03-26 18:51 200836 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-03-26 18:33 . 2011-03-27 13:31 -------- d-----w- c:\program files\trend micro
2011-03-26 18:33 . 2011-03-26 18:34 -------- d-----w- C:\rsit
2011-03-23 20:52 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\4244502.sys
2011-03-23 20:52 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\42445021.sys
2011-03-22 21:30 . 2011-03-27 13:52 -------- d-----w- c:\program files\iabstplb
2011-03-13 18:11 . 2011-03-13 18:13 -------- d-----w- C:\20110313_Rokytnice
2011-03-11 23:50 . 2011-03-11 23:50 -------- d-----w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Windows Search
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-26 13:10 . 2010-06-06 18:23 209382 ----a-w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2011-03-26 13:10 . 2010-06-06 18:22 217430 ----a-w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-12-16 13:46 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-16 13:46 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2011-03-18 17:55 . 2011-03-27 13:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 647649]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1548780]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\IBM ThinkPad X31\Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_23.03.2011_20-11[1].lnk - c:\documents and settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe [2011-3-23 72208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-03-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\iabstplb\qgsfesrr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-06-27 07:53 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2011-03-27 02:51 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-03-27 02:55 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ------w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\Mozilla Firefox 3.6 Beta 5\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31.10.2010 8:52 64288]
R1 42445021;42445021;c:\windows\system32\drivers\42445021.sys [23.3.2011 22:52 128016]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [21.1.2010 17:24 270753]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [4.5.2004 13:35 119296]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [26.6.2009 12:40 23080]
S0 42445022;42445022 Boot Guard Driver;c:\windows\system32\DRIVERS\42445022.sys --> c:\windows\system32\DRIVERS\42445022.sys [?]
S1 agnqjdhj;agnqjdhj;\??\c:\windows\system32\drivers\agnqjdhj.sys --> c:\windows\system32\drivers\agnqjdhj.sys [?]
S1 bslphnyu;bslphnyu;\??\c:\windows\system32\drivers\bslphnyu.sys --> c:\windows\system32\drivers\bslphnyu.sys [?]
S1 isazgogh;isazgogh;\??\c:\windows\system32\drivers\isazgogh.sys --> c:\windows\system32\drivers\isazgogh.sys [?]
S1 MpKsl13018c9d;MpKsl13018c9d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys [?]
S1 MpKsl16ae708c;MpKsl16ae708c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys [?]
S1 MpKsl43d728c9;MpKsl43d728c9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys [?]
S1 MpKsl4d59e322;MpKsl4d59e322;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys [?]
S1 MpKsl6276b5bd;MpKsl6276b5bd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys [?]
S1 MpKsl65c64585;MpKsl65c64585;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys [?]
S1 MpKslfaf5127b;MpKslfaf5127b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys [?]
S1 MpKslff7a89cf;MpKslff7a89cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys [?]
S1 qtptyxsa;qtptyxsa;\??\c:\windows\system32\drivers\qtptyxsa.sys --> c:\windows\system32\drivers\qtptyxsa.sys [?]
S1 rdbkdepf;rdbkdepf;\??\c:\windows\system32\drivers\rdbkdepf.sys --> c:\windows\system32\drivers\rdbkdepf.sys [?]
S1 uidlypzj;uidlypzj;\??\c:\windows\system32\drivers\uidlypzj.sys --> c:\windows\system32\drivers\uidlypzj.sys [?]
S1 vmhyfnic;vmhyfnic;\??\c:\windows\system32\drivers\vmhyfnic.sys --> c:\windows\system32\drivers\vmhyfnic.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 18:15 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2010 19:40 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:15]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=127.0.0.1:25517
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\IBM ThinkPad X31\Data aplikací\Mozilla\Firefox\Profiles\a7umdv0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-TPHOTKEY - c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe 156038 bytes executable
C:\qgsfesrr.exe 156038 bytes executable
c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Office\Naposledy otevřené\PavelČerný_životopis.LNK 700 bytes
c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Office\Naposledy otevřené\PavelČerný_životopis_200809.LNK 735 bytes
.
sken byl úspešně dokončen
skryté soubory: 4
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(796)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\asfsipc.dll
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\documents and settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\setup_9.0.0.722_23.03.2011_20-11[1].exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\program files\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Celkový čas: 2011-03-27 16:13:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-27 14:12
ComboFix2.txt 2011-03-26 17:43
ComboFix3.txt 2011-03-26 12:46
ComboFix4.txt 2011-03-26 07:51
ComboFix5.txt 2011-03-27 13:40
.
Před spuštěním: 4 367 958 016
Po spuštění: 4 481 187 840
.
- - End Of File - - CF2C3EED648358904F986CC4E38CE140

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please analyse the log - nimnul?

#3 Post by Roli »

Hi, fix these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\iabstplb\qgsfesrr.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_23.03.2011_20-11[1].lnk = C:\Documents and Settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe


You will find HJT here:

C:\Program Files\trend micro\IBM ThinkPad X31.exe

Fix means that you run HJT,

in the window that opens you click Do a system scan only,

in the next window you find the lines I listed for you,

next to each of them is a checkbox that you tick,

then you click Fix checked at the bottom left,

the program asks whether you really want to, YES, you of course agree and it is done.


If you have not done so already, move ComboFix to the desktop,

open Notepad

and copy the script from the following box into it:


File::
c:\windows\system32\drivers\agnqjdhj.sys
c:\windows\system32\drivers\isazgogh.sys
c:\windows\system32\drivers\qtptyxsa.sys
c:\windows\system32\drivers\rdbkdepf.sys
c:\windows\system32\drivers\uidlypzj.sys
c:\windows\system32\drivers\vmhyfnic.sys
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe
C:\qgsfesrr.exe

Folder::
c:\program files\iabstplb

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-

Driver::
agnqjdhj
isazgogh
qtptyxsa
rdbkdepf
uidlypzj
vmhyfnic

FireFox::
FF - ProfilePath - c:\documents and settings\IBM ThinkPad X31\Data aplikací\Mozilla\Firefox\Profiles\a7umdv0u.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it onto the ComboFix icon, where you drop it:


After it runs another log will pop up for you, copy it here.

Warning: it can happen that after applying the script and restarting, Windows does not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration.



P.S. I see what all you have put the PC through; everything would more or less be fine except ComboFix, which is no child's toy, and you ran it more than once, right?
| Rsit | Mbam | AVPTool | Cure It |

I rest at the weekend
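One way to automate the three checks Roli's reply makes by eye (the extra executable appended to the winlogon Userinit value, the system-start drivers with eight-letter random names whose .sys files are missing, and the proxy pointed at 127.0.0.1), as an added example that is not code from the thread, from ComboFix or from RSIT. The sample log is constructed from the shape of the lines posted above; the regexes and the name heuristic are assumptions of this example.

```python
"""Triage helper for ComboFix / RSIT style logs (added example, not from the thread)."""
import re

# Constructed sample, shaped like the lines in the ComboFix and RSIT logs posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\iabstplb\qgsfesrr.exe"
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31.10.2010 8:52 64288]
S1 agnqjdhj;agnqjdhj;\??\c:\windows\system32\drivers\agnqjdhj.sys --> c:\windows\system32\drivers\agnqjdhj.sys [?]
S1 MpKslff7a89cf;MpKslff7a89cf;\??\c:\documents and settings\All Users\Data aplikaci\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys --> c:\documents and settings\All Users\Data aplikaci\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys [?]
S1 qtptyxsa;qtptyxsa; \??\C:\WINDOWS\system32\drivers\qtptyxsa.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2010 19:40 11520]
uInternet Settings,ProxyServer = http=127.0.0.1:25517
"""

# R/S = running/stopped, 0-4 = start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s\[(.*)\]\s*$")
USERINIT_RE = re.compile(r'^"Userinit"="(.*)"\s*$', re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(\S+)")
# Heuristic (assumption): the dropped drivers in the log are all eight lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


def parse_service(line):
    """Parse one driver/service line; return None if the line is not one.

    ComboFix prints "<path> --> <path> [?]" and RSIT prints "<path> []" when the
    image file was not found on disk; a present file gets "[date size]" instead.
    """
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    path = path.strip().split(" --> ")[0]
    if path.startswith("\\??\\"):          # strip the NT object-manager prefix
        path = path[4:]
    return {
        "running": state == "R",
        "start": int(start),
        "name": name,
        "display": display,
        "path": path,
        "file_present": info.strip() not in ("", "?"),
    }


def userinit_entries(value):
    """Split the comma-separated Userinit value; empty entries are dropped."""
    return [p.strip() for p in value.split(",") if p.strip()]


def audit(log_text):
    """Return (finding_type, detail) tuples for the suspicious lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            for entry in userinit_entries(m.group(1)):
                # The only legitimate entry is system32\userinit.exe itself.
                if not entry.lower().endswith("\\userinit.exe"):
                    findings.append(("userinit_hijack", entry))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
            # A proxy on the loopback interface means a local process sits
            # between the browser and the network.
            if "127.0.0.1:" in proxy or "localhost:" in proxy:
                findings.append(("loopback_proxy", proxy))
            continue
        svc = parse_service(line)
        # Boot/system-start driver, image file missing, throwaway-looking name.
        if (svc and svc["start"] <= 1 and not svc["file_present"]
                and RANDOM_NAME_RE.match(svc["name"])):
            findings.append(("random_missing_driver", svc["name"]))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_LOG):
        print(f"{kind:22s} {detail}")
```

Driver names such as the MpKsl* entries are also system-start and missing on disk but are Microsoft Antimalware scratch drivers; the name heuristic deliberately leaves them out.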

czernoch
Visitor
Posts: 12
Registered: 26 Mar 2011 19:39

Re: please analyse the log - nimnul?

#4 Post by czernoch »

So I followed the instructions and here is the next log.
Thanks.


ComboFix 11-03-26.02 - IBM ThinkPad X31 27.03.2011 19:37:21.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.618 [GMT 2:00]
Spuštěný z: c:\documents and settings\IBM ThinkPad X31\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\IBM ThinkPad X31\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe"
"C:\qgsfesrr.exe"
"c:\windows\system32\drivers\agnqjdhj.sys"
"c:\windows\system32\drivers\isazgogh.sys"
"c:\windows\system32\drivers\qtptyxsa.sys"
"c:\windows\system32\drivers\rdbkdepf.sys"
"c:\windows\system32\drivers\uidlypzj.sys"
"c:\windows\system32\drivers\vmhyfnic.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iabstplb
C:\qgsfesrr.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_agnqjdhj
-------\Service_isazgogh
-------\Service_Parameters
-------\Service_qtptyxsa
-------\Service_rdbkdepf
-------\Service_Security
-------\Service_uidlypzj
-------\Service_vmhyfnic
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-27 do 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 17:46 . 2011-03-27 17:46 -------- d-----w- c:\program files\iabstplb
2011-03-27 13:19 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-27 13:18 . 2011-03-18 17:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-27 13:18 . 2011-03-18 17:55 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-27 13:18 . 2011-03-18 17:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-27 13:18 . 2011-03-18 17:55 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-27 13:18 . 2011-03-18 17:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-27 13:18 . 2011-03-18 17:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-27 13:18 . 2011-03-18 17:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-27 13:18 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-27 13:18 . 2011-03-18 17:55 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-27 06:58 . 2011-03-27 06:58 -------- d-----w- c:\documents and settings\IBM ThinkPad X31\DoctorWeb
2011-03-27 06:56 . 2011-03-26 18:58 58750752 ------w- C:\cureit-201103270235.exe
2011-03-27 06:56 . 2011-03-26 23:57 106743912 ----a-w- C:\drweb-600-win-space-pro-x86(4).exe
2011-03-27 01:33 . 2011-03-27 01:33 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-03-26 22:08 . 2011-03-26 22:08 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-03-26 19:29 . 2011-03-26 19:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Backup
2011-03-26 19:23 . 2011-03-27 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panda Security
2011-03-26 18:51 . 2011-03-27 02:25 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-03-26 18:51 . 2011-03-27 02:25 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-03-26 18:51 . 2011-03-27 02:25 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-03-26 18:51 . 2005-04-03 22:02 69714 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-03-26 18:51 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-03-26 18:51 . 2011-03-26 18:51 331908 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-03-26 18:51 . 2011-03-26 18:51 200836 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-03-26 18:33 . 2011-03-27 17:24 -------- d-----w- c:\program files\trend micro
2011-03-26 18:33 . 2011-03-26 18:34 -------- d-----w- C:\rsit
2011-03-23 20:52 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\4244502.sys
2011-03-23 20:52 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\42445021.sys
2011-03-13 18:11 . 2011-03-13 18:13 -------- d-----w- C:\20110313_Rokytnice
2011-03-11 23:50 . 2011-03-11 23:50 -------- d-----w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Windows Search
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 14:30 . 2010-06-06 18:23 209267 ----a-w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2011-03-27 14:30 . 2010-06-06 18:22 217453 ----a-w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-12-16 13:46 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-16 13:46 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2011-03-18 17:55 . 2011-03-27 13:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2011-03-27 487424]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2011-03-27 1388544]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
.
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_23.03.2011_20-11[1].lnk - c:\documents and settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe [2011-3-23 72208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-03-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\iabstplb\qgsfesrr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-06-27 07:53 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2011-03-27 02:51 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-03-27 02:55 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ------w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\Mozilla Firefox 3.6 Beta 5\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31.10.2010 8:52 64288]
R1 42445021;42445021;c:\windows\system32\drivers\42445021.sys [23.3.2011 22:52 128016]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [4.5.2004 13:35 119296]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [26.6.2009 12:40 23080]
S0 42445022;42445022 Boot Guard Driver;c:\windows\system32\DRIVERS\42445022.sys --> c:\windows\system32\DRIVERS\42445022.sys [?]
S1 bslphnyu;bslphnyu;\??\c:\windows\system32\drivers\bslphnyu.sys --> c:\windows\system32\drivers\bslphnyu.sys [?]
S1 MpKsl13018c9d;MpKsl13018c9d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys [?]
S1 MpKsl16ae708c;MpKsl16ae708c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys [?]
S1 MpKsl43d728c9;MpKsl43d728c9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys [?]
S1 MpKsl4d59e322;MpKsl4d59e322;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys [?]
S1 MpKsl6276b5bd;MpKsl6276b5bd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys [?]
S1 MpKsl65c64585;MpKsl65c64585;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys [?]
S1 MpKslfaf5127b;MpKslfaf5127b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys [?]
S1 MpKslff7a89cf;MpKslff7a89cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 18:15 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2010 19:40 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:15]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:25517
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\IBM ThinkPad X31\Data aplikací\Mozilla\Firefox\Profiles\a7umdv0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe 156038 bytes executable
C:\qgsfesrr.exe 156038 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\documents and settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\setup_9.0.0.722_23.03.2011_20-11[1].exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Celkový čas: 2011-03-27 20:03:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-27 18:03
ComboFix2.txt 2011-03-27 14:13
ComboFix3.txt 2011-03-26 17:43
ComboFix4.txt 2011-03-26 12:46
ComboFix5.txt 2011-03-27 17:33
.
Před spuštěním: 4 500 721 664
Po spuštění: 4 445 511 680
.
- - End Of File - - 06E53475DCB7E92C52C45367795EB6F3

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please analyse the log - nimnul?

#5 Post by Roli »

By popular demand, open Notepad once more

and copy the script from the following box into it:

Code:

File::  
c:\windows\system32\userinit.exe
c:\windows\system32\drivers\bslphnyu.sys 
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe
c:\qgsfesrr.exe

FCopy::
c:\WINDOWS\ServicePackFiles\i386\userinit.exe | c:\windows\system32\userinit.exe

Folder::
c:\program files\iabstplb

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-

Driver::
bslphnyu
save the TXT file you created as CFScript.txt to the desktop,

once saved, grab the created script with the left mouse button and drag it onto the ComboFix icon, where you drop it:


After it has been applied another log will pop up for you; paste it here

Warning: it can happen that after the script is applied and the machine restarts, Windows will not boot,

in that case restart again while pressing F8 and then choose Last Known Good Configuration



P.S. this time, though, carry out this action in Safe Mode.
| Rsit | Mbam | AVPTool | Cure It |

I rest at weekends :all_coholic:
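As an added example (not code from this thread, from ComboFix or from any other tool named here), the following Python helper pulls the indicators quoted in the log above out of ComboFix-style text: the extra executable in the Winlogon Userinit value, the proxy pointing at 127.0.0.1, and the executables catchme reported as hidden. It then checks that a CFScript like the one in this post lists each of them under File:: or Folder::. The sample log and script are constructed from lines quoted in this thread; the Windows XP Userinit default and all function names are assumptions.

```python
"""Added triage helper for ComboFix-style logs (example code, not ComboFix's own).
Extracts the indicators this thread hinges on (an extra executable in the
Winlogon Userinit value, a user proxy pointing at the local machine, and
executables catchme reported as hidden) and checks a CFScript against them."""
import re

# Default Winlogon Userinit on Windows XP (assumption); compared without the
# trailing comma because the value is split on commas below.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample, assembled from lines quoted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\iabstplb\qgsfesrr.exe"
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:25517
.
skenování skrytých souborů ...
.
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe 156038 bytes executable
C:\qgsfesrr.exe 156038 bytes executable
.
skryté soubory: 2
"""

# Constructed from the CFScript given in the post above (File::/FCopy::/Folder:: only).
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\userinit.exe
c:\windows\system32\drivers\bslphnyu.sys
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe
c:\qgsfesrr.exe

FCopy::
c:\WINDOWS\ServicePackFiles\i386\userinit.exe | c:\windows\system32\userinit.exe

Folder::
c:\program files\iabstplb
"""

def userinit_findings(log):
    """Entries in the Userinit value other than the default; empty means clean."""
    match = re.search(r'^"Userinit"="([^"]*)"', log, re.M | re.I)
    if not match:
        return []
    parts = [p.strip() for p in match.group(1).split(",")]
    return [p for p in parts if p and p.lower() != EXPECTED_USERINIT]

def proxy_finding(log):
    """(host, port) when the user proxy points at the machine itself, else None."""
    match = re.search(r"ProxyServer\s*=\s*(?:http=)?([^:\s]+):(\d+)", log, re.I)
    if not match:
        return None
    host, port = match.group(1), int(match.group(2))
    return (host, port) if host == "localhost" or host.startswith("127.") else None

def hidden_executables(log):
    """Paths the catchme section reported as hidden executables, in log order."""
    return re.findall(r"^(\S.*?) \d+ bytes executable$", log, re.M)

def cfscript_sections(script):
    """Split a CFScript into {section: [lines]}; headers are lines ending in '::'."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def uncovered(script, log):
    """Indicators from the log that the script's File::/Folder:: sections miss."""
    sections = cfscript_sections(script)
    files = {p.lower() for p in sections.get("file", [])}
    folders = {p.lower() for p in sections.get("folder", [])}
    missing = [p for p in hidden_executables(log) if p.lower() not in files]
    for extra in userinit_findings(log):
        parent = extra.lower().rsplit("\\", 1)[0]
        if extra.lower() not in files and parent not in folders:
            missing.append(extra)
    return missing

if __name__ == "__main__":
    print("userinit extras:", userinit_findings(SAMPLE_LOG))
    print("local proxy:", proxy_finding(SAMPLE_LOG))
    print("hidden executables:", hidden_executables(SAMPLE_LOG))
    print("not covered by script:", uncovered(SAMPLE_CFSCRIPT, SAMPLE_LOG))
```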

czernoch
Visitor
Posts: 12
Registered: 26 Mar 2011 19:39

Re: please analyse the log - nimnul?

#6 Post by czernoch »

Done in Safe Mode...


ComboFix 11-03-26.02 - IBM ThinkPad X31 27.03.2011 21:37:58.10.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.814 [GMT 2:00]
Spuštěný z: c:\documents and settings\IBM ThinkPad X31\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\IBM ThinkPad X31\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe"
"c:\qgsfesrr.exe"
"c:\windows\system32\drivers\bslphnyu.sys"
"c:\windows\system32\userinit.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iabstplb
c:\qgsfesrr.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bslphnyu
-------\Service_Parameters
-------\Service_Security
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-27 do 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 13:19 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-27 13:18 . 2011-03-18 17:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-27 13:18 . 2011-03-18 17:55 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-27 13:18 . 2011-03-18 17:55 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-27 13:18 . 2011-03-18 17:55 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-27 13:18 . 2011-03-18 17:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-27 13:18 . 2011-03-18 17:55 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-27 13:18 . 2011-03-18 17:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-27 13:18 . 2011-03-18 17:55 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-27 13:18 . 2011-03-18 17:55 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-27 06:58 . 2011-03-27 06:58 -------- d-----w- c:\documents and settings\IBM ThinkPad X31\DoctorWeb
2011-03-27 06:56 . 2011-03-26 18:58 58750752 ------w- C:\cureit-201103270235.exe
2011-03-27 06:56 . 2011-03-26 23:57 106743912 ------w- C:\drweb-600-win-space-pro-x86(4).exe
2011-03-27 01:33 . 2011-03-27 01:33 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-03-26 22:08 . 2011-03-26 22:08 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-03-26 19:29 . 2011-03-26 19:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Backup
2011-03-26 19:23 . 2011-03-27 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panda Security
2011-03-26 18:51 . 2011-03-27 02:25 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-03-26 18:51 . 2011-03-27 02:25 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-03-26 18:51 . 2011-03-27 02:25 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-03-26 18:51 . 2005-04-03 22:02 69714 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-03-26 18:51 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-03-26 18:51 . 2011-03-26 18:51 331908 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-03-26 18:51 . 2011-03-26 18:51 200836 ------w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-03-26 18:33 . 2011-03-27 18:10 -------- d-----w- c:\program files\trend micro
2011-03-26 18:33 . 2011-03-26 18:34 -------- d-----w- C:\rsit
2011-03-23 20:52 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\4244502.sys
2011-03-23 20:52 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\42445021.sys
2011-03-13 18:11 . 2011-03-13 18:13 -------- d-----w- C:\20110313_Rokytnice
2011-03-11 23:50 . 2011-03-11 23:50 -------- d-----w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Windows Search
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 14:30 . 2010-06-06 18:23 209267 ----a-w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2011-03-27 14:30 . 2010-06-06 18:22 217453 ----a-w- c:\documents and settings\IBM ThinkPad X31\Data aplikací\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-02-09 13:53 . 2008-04-14 06:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 06:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-12-16 13:46 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-12-16 13:46 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 06:51 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 06:37 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 05:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2011-03-18 17:55 . 2011-03-27 13:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2011-03-27 487424]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2011-03-27 1388544]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
.
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\
qgsfesrr.exe [2011-3-27 156038]
setup_9.0.0.722_23.03.2011_20-11[1].lnk - c:\documents and settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe [2011-3-23 72208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2011-03-27 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-06-27 07:53 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2011-03-27 02:51 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-03-27 02:55 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ------w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Download.exe"=
"c:\\Program Files\\ASUS\\WL-500gP Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\Mozilla Firefox 3.6 Beta 5\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31.10.2010 8:52 64288]
S0 42445022;42445022 Boot Guard Driver;c:\windows\system32\DRIVERS\42445022.sys --> c:\windows\system32\DRIVERS\42445022.sys [?]
S1 42445021;42445021;c:\windows\system32\drivers\42445021.sys [23.3.2011 22:52 128016]
S1 MpKsl13018c9d;MpKsl13018c9d;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys [?]
S1 MpKsl16ae708c;MpKsl16ae708c;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys [?]
S1 MpKsl43d728c9;MpKsl43d728c9;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys [?]
S1 MpKsl4d59e322;MpKsl4d59e322;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys [?]
S1 MpKsl6276b5bd;MpKsl6276b5bd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys [?]
S1 MpKsl65c64585;MpKsl65c64585;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys [?]
S1 MpKslfaf5127b;MpKslfaf5127b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys [?]
S1 MpKslff7a89cf;MpKslff7a89cf;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 18:15 136176]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [4.5.2004 13:35 119296]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [26.6.2009 12:40 23080]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [25.12.2010 19:40 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:15]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 16:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:25517
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download using ASUS Download - c:\program files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\IBM ThinkPad X31\Data aplikací\Mozilla\Firefox\Profiles\a7umdv0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 21:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
Celkový čas: 2011-03-27 21:57:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-27 19:57
ComboFix2.txt 2011-03-27 18:03
ComboFix3.txt 2011-03-27 14:13
ComboFix4.txt 2011-03-26 17:43
ComboFix5.txt 2011-03-27 19:33
.
Před spuštěním: 6 273 642 496
Po spuštění: 6 268 358 656
.
- - End Of File - - 651CB619A3746581FE77D30CE768B58E

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please analyse the log - nimnul?

#7 Post by Roli »

That one piece of junk is holding on there tooth and nail, so we'll do it differently.


Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

That uninstalls ComboFix and deletes the files and folders associated with it.


Download and run OTMoveIt

into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:

Code:

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe

:commands
[purity]
[emptytemp]
[start explorer]
click MoveIt! and in the right, green pane of the application you will see info about the action performed; copy the contents of that pane here,

if the application asks for a restart, click YES

in that case I want you to copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:

czernoch
Visitor
Posts: 12
Registered: 26 Mar 2011 19:39

Re: please analyze my log - nimnul?

#8 Post by czernoch »

Yep, it's holding on tight; thanks a lot for your patience with my "case".

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
File/Folder c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: IBM ThinkPad X31
->Temp folder emptied: 150359 bytes
->Temporary Internet Files folder emptied: 7276267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53825170 bytes
->Flash cache emptied: 3829 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1723 bytes

Total Files Cleaned = 59,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03282011_172231

Files moved on Reboot...

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: please analyze my log - nimnul?

#9 Post by Roli »

Interesting, a moment ago it was there and now it's gone again.

Look here:

c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe

to see whether that junk is still there, and if it is, use Unlocker on it according to THIS guide.


Run OTMoveIt again and click CleanUp! at the top of the application

that will make it clean up after itself.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that's not the case.


Then post a current RSIT log here.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
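What the helper then looks for in the RSIT/HijackThis log he asks for, as an added example written for this edit (not a tool used in the thread): a small Python checker run over constructed log lines modelled on the ones posted here. It flags the two indicators that matter in this case, a UserInit value that launches anything besides userinit.exe (the extra binary runs at every logon, before the shell, which is why a file deleted from the Startup folder keeps coming back) and a browser proxy pointed at 127.0.0.1 (browser traffic being routed through a local process), and reports services whose binary is missing as informational noise. The rule set, the severity labels and the sample lines are my own assumptions, not HijackThis output.

```python
"""Flag persistence and traffic-interception indicators in a HijackThis log.

Added example; not a tool from the thread. Rules and severities are assumptions:
  * F2 UserInit entries naming anything besides userinit.exe  -> high
  * R0/R1 ProxyServer values pointing at the loopback address -> medium
  * O23 services whose binary is reported missing             -> info
"""
import re

USERINIT_RE = re.compile(r"UserInit=(.*)$", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.*)$", re.IGNORECASE)
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1", "[::1]")

# Constructed excerpt modelled on the lines posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25517
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\iabstplb\qgsfesrr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
"""


def userinit_extras(value):
    """Return the entries of a UserInit value other than the system userinit.exe.

    The value is comma separated and may contain empty fields (',,'), which
    Windows skips but which hide the extra entry from a casual reader.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if not e.lower().endswith("system32\\userinit.exe")]


def proxy_targets_loopback(value):
    """True when any scheme=host:port pair of a ProxyServer value uses loopback."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()   # drop the 'http=' prefix if any
        host = hostportsplit = hostport.rsplit(":", 1)[0]  # drop the port
        if host.lower() in LOOPBACK_HOSTS:
            return True
    return False


def analyze(log_text):
    """Return (severity, hjt_code, message) tuples for suspicious lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or " - " not in line:
            continue
        code, rest = line.split(" - ", 1)   # 'F2', 'R1', 'O23', ... then the payload
        if code == "F2":
            m = USERINIT_RE.search(rest)
            if m:
                for extra in userinit_extras(m.group(1)):
                    findings.append(("high", code, f"UserInit runs extra binary: {extra}"))
        elif code in ("R0", "R1"):
            m = PROXY_RE.search(rest)
            if m and proxy_targets_loopback(m.group(1)):
                findings.append(("medium", code, f"browser proxy routed to loopback: {m.group(1)}"))
        elif code == "O23" and rest.endswith("(file missing)"):
            findings.append(("info", code, f"service binary missing: {rest}"))
    return findings


if __name__ == "__main__":
    for severity, code, message in analyze(SAMPLE_LOG):
        print(f"[{severity:6}] {code}: {message}")
```

The UserInit check is the one to keep: a cleanup that only deletes the dropped file leaves the registry value pointing at it, and the loader simply recreates the file at the next logon. Removing the extra path from the UserInit value (leaving `C:\WINDOWS\system32\userinit.exe,`) closes that loop; the proxy value is cleared the same way once the local process is gone.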

czernoch
Visitor
Posts: 12
Registered: 26 Mar 2011 19:39

Re: please analyze my log - nimnul?

#10 Post by czernoch »

Well, in that directory
c:\documents and settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění\qgsfesrr.exe
there was nothing...


Logfile of random's system information tool 1.08 (written by random/random)
Run by IBM ThinkPad X31 at 2011-03-28 20:38:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (7%) free of 76 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:39:26, on 28.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\setup_9.0.0.722_23.03.2011_20-11[1].exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\IBM ThinkPad X31\Local Settings\Temporary Internet Files\Content.IE5\PV2Q6IG7\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\IBM ThinkPad X31.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25517
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\iabstplb\qgsfesrr.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: setup_9.0.0.722_23.03.2011_20-11[1].lnk = C:\Documents and Settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\ASDownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0977998469
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 8373 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39}]
PDFXChange 4.0 - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2010-02-02 422168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-04-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - PDFXChange 4.0 - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2010-02-02 422168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2009-06-26 92960]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2011-03-27 487424]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2011-03-27 1388544]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe [2011-03-27 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2011-03-27 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE [2010-01-21 2057536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE [2010-01-21 9136960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2011-03-27 123904]

C:\Documents and Settings\IBM ThinkPad X31\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_23.03.2011_20-11[1].lnk - C:\Documents and Settings\IBM ThinkPad X31\Plocha\Virus Removal Tool\setup_9.0.0.722_23.03.2011_20-11[1]\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-05-13 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-06 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2011-03-27 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Download.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Download.exe:*:Enabled:ASUS Download Master Utility"
"C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\WL-500gP Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe"="C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-03-28 20:28:04 ----D---- C:\rsit
2011-03-28 20:24:25 ----D---- C:\swshare
2011-03-28 20:22:00 ----D---- C:\Program Files\Unlocker
2011-03-28 19:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-27 22:40:11 ----ASH---- C:\hiberfil.sys
2011-03-27 22:31:21 ----SHD---- C:\RECYCLER
2011-03-27 22:01:08 ----D---- C:\Program Files\iabstplb
2011-03-27 21:57:29 ----D---- C:\WINDOWS\temp
2011-03-27 08:56:58 ----N---- C:\cureit-201103270235.exe
2011-03-27 08:56:53 ----N---- C:\drweb-600-win-space-pro-x86(4).exe
2011-03-26 21:29:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Backup
2011-03-26 21:23:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Panda Security
2011-03-26 20:33:20 ----D---- C:\Program Files\trend micro
2011-03-26 20:12:49 ----SHD---- C:\WINDOWS\CSC
2011-03-26 20:12:38 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-24 08:37:55 ----ASH---- C:\pagefile.sys
2011-03-23 22:52:45 ----A---- C:\WINDOWS\system32\drivers\42445021.sys
2011-03-23 22:52:45 ----A---- C:\WINDOWS\system32\drivers\4244502.sys
2011-03-23 20:26:21 ----A---- C:\Boot.bak
2011-03-23 20:26:01 ----RASHD---- C:\cmdcons
2011-03-13 20:11:18 ----D---- C:\20110313_Rokytnice
2011-03-12 01:50:39 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Windows Search
2011-03-09 19:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 19:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-08 23:18:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$

======List of files/folders modified in the last 1 months======

2011-03-28 20:39:02 ----D---- C:\WINDOWS\Prefetch
2011-03-28 20:33:30 ----D---- C:\WINDOWS
2011-03-28 20:32:18 ----SHD---- C:\System Volume Information
2011-03-28 20:32:18 ----D---- C:\WINDOWS\system32\Restore
2011-03-28 20:30:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-28 20:30:56 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-28 20:22:00 ----RD---- C:\Program Files
2011-03-28 20:18:47 ----D---- C:\WOLF3D
2011-03-28 20:12:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-28 20:12:00 ----D---- C:\Program Files\Windows Media Player
2011-03-28 20:09:27 ----D---- C:\Program Files\Outlook Express
2011-03-28 20:07:45 ----D---- C:\Program Files\Movie Maker
2011-03-28 19:59:13 ----D---- C:\Program Files\Internet Explorer
2011-03-28 19:47:25 ----HD---- C:\WINDOWS\inf
2011-03-28 19:44:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-28 17:22:32 ----D---- C:\WINDOWS\system32
2011-03-28 17:20:46 ----D---- C:\WINDOWS\system32\drivers
2011-03-27 21:50:41 ----A---- C:\WINDOWS\system.ini
2011-03-27 21:50:30 ----D---- C:\WINDOWS\system32\drivers\etc
2011-03-27 21:48:23 ----D---- C:\WINDOWS\system32\config
2011-03-27 21:44:37 ----D---- C:\WINDOWS\AppPatch
2011-03-27 21:44:36 ----D---- C:\Program Files\Common Files
2011-03-27 20:43:41 ----D---- C:\Program Files\Mozilla Firefox
2011-03-27 16:11:31 ----SD---- C:\WINDOWS\Tasks
2011-03-27 15:11:36 ----SHD---- C:\WINDOWS\Installer
2011-03-27 15:11:35 ----D---- C:\Config.Msi
2011-03-27 15:10:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2011-03-27 15:04:43 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-27 14:32:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-27 00:09:00 ----A---- C:\WINDOWS\win.ini
2011-03-26 14:20:03 ----D---- C:\Program Files\ReaConverter 6.0 Standard
2011-03-26 13:41:53 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\RCP 6
2011-03-26 12:59:46 ----D---- C:\Program Files\BitTorrent
2011-03-26 12:58:00 ----D---- C:\WINDOWS\Help
2011-03-26 09:57:42 ----D---- C:\WINDOWS\Network Diagnostic
2011-03-26 08:53:54 ----D---- C:\Program Files\Windows Desktop Search
2011-03-26 05:57:30 ----D---- C:\Program Files\QuickTime
2011-03-25 21:19:26 ----D---- C:\Program Files\PC Connectivity Solution
2011-03-25 21:11:37 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Skype
2011-03-25 21:10:32 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\skypePM
2011-03-25 20:40:17 ----D---- C:\Program Files\AIMP2
2011-03-25 20:29:54 ----D---- C:\Program Files\Mozilla Firefox 3.6 Beta 5
2011-03-25 20:27:31 ----D---- C:\Program Files\The KMPlayer
2011-03-25 11:22:22 ----D---- C:\Program Files\Lenovo
2011-03-25 11:22:20 ----D---- C:\Program Files\ltmoh
2011-03-25 11:22:18 ----D---- C:\Program Files\Messenger
2011-03-25 11:21:08 ----D---- C:\Program Files\NetMeeting
2011-03-25 11:11:11 ----D---- C:\Program Files\totalcmd
2011-03-25 07:35:41 ----D---- C:\Program Files\BenchMarX
2011-03-25 07:35:40 ----D---- C:\Program Files\Cleaner 5 EZ
2011-03-25 07:35:29 ----D---- C:\Program Files\Codec Pack - All In 1
2011-03-25 07:35:20 ----D---- C:\Program Files\Common Files\ACD Systems
2011-03-25 07:34:17 ----D---- C:\Program Files\Common Files\Lenovo
2011-03-24 23:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-03-24 08:10:08 ----D---- C:\WINDOWS\Debug
2011-03-23 20:26:21 ----RASH---- C:\boot.ini
2011-03-23 19:23:29 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-23 14:13:20 ----D---- C:\Program Files\Windows Media Connect 2
2011-03-19 13:33:51 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\AIMP
2011-03-09 19:44:54 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 19:44:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-03-07 18:47:05 ----D---- C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Miranda

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-08 64288]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 42445021;42445021; C:\WINDOWS\system32\DRIVERS\42445021.sys [2009-09-25 128016]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 setup_9.0.0.722_23.03.2011_20-11[1]drv;setup_9.0.0.722_23.03.2011_20-11[1]drv; C:\WINDOWS\system32\DRIVERS\4244502.sys [2009-10-09 315408]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-05-13 672256]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-08-24 24872]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 119296]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2009-06-26 23080]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S0 42445022;42445022 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\42445022.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 MpKsl13018c9d;MpKsl13018c9d; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl13018c9d.sys []
S1 MpKsl16ae708c;MpKsl16ae708c; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl16ae708c.sys []
S1 MpKsl43d728c9;MpKsl43d728c9; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl43d728c9.sys []
S1 MpKsl4d59e322;MpKsl4d59e322; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl4d59e322.sys []
S1 MpKsl6276b5bd;MpKsl6276b5bd; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKsl6276b5bd.sys []
S1 MpKsl65c64585;MpKsl65c64585; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B2E987ED-857A-4F4F-9E3C-004BF5DD2041}\MpKsl65c64585.sys []
S1 MpKslfaf5127b;MpKslfaf5127b; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9CDB689C-FC1E-495A-A61F-DFA22AA40589}\MpKslfaf5127b.sys []
S1 MpKslff7a89cf;MpKslff7a89cf; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{F108BB5A-F909-4E51-B5D4-9287BFB34627}\MpKslff7a89cf.sys []
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RkPavproc1;RkPavproc1; \??\C:\WINDOWS\system32\drivers\RkPavproc1.sys []
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-03-04 709248]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-05-13 397312]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-08-24 38176]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2011-03-27 1122304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-10 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: ČR

Re: please analyze the log - nimnul?

#11 Post by Roli »

So, if there's nothing wrong with the PC any more, we're done :)

Just uninstall that Virus Removal Tool.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

czernoch
Visitor
Posts: 12
Joined: 26 Mar 2011 19:39

Re: please analyze the log - nimnul?

#12 Post by czernoch »

When I rescan with Virus Removal Tool, it still keeps finding Nimnul in various DLLs.

It feels like a vicious circle to me... :(

And what about this in the last log?

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\iabstplb\qgsfesrr.exe

I have a feeling it's still there.

Thanks for your patience...

I'm starting to fall into mild despair :)

czernoch
Visitor
Posts: 12
Joined: 26 Mar 2011 19:39

Re: please analyze the log - nimnul?

#13 Post by czernoch »

?
Attachments
chybacteni.JPG (30.21 KiB)

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: ČR

Re: please analyze the log - nimnul?

#14 Post by Roli »

Fix this in HJT:

R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\IBM ThinkPad X31\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\iabstplb\qgsfesrr.exe

Via Start >> Control Panel >> Folder Options >> View tab, find Show hidden files and folders and check it,

click Apply and OK.

Then look again whether that junk is still there:

C:\Program Files\iabstplb

and blow away the whole folder with Unlocker.
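
As an added example (not from this thread or from HijackThis, Avenger or Unlocker), the script below scans HijackThis-style log lines for the F2 UserInit entry and reports every program appended after the genuine userinit.exe, which is what the F2 line above shows; the expected userinit.exe path is an assumption for a default Windows XP install, and the sample log lines are constructed apart from the F2 line quoted in this thread.

```python
import re
from typing import Dict, List, Optional

# Assumption: the default Userinit value of a Windows XP install. Every extra
# program appended to it is launched at each logon, which is the persistence
# the F2 line quoted in this thread relies on.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# HijackThis reports the value as "F2 - REG:system.ini: UserInit=...".
F2_USERINIT_RE = re.compile(
    r"^F2 - REG:system\.ini:\s*UserInit=(?P<value>.*)$", re.IGNORECASE
)


def parse_userinit(value: str) -> List[str]:
    """Split a Userinit value into the programs Windows will launch.

    Entries are comma-separated; empty entries (the doubled comma in the log
    above) and surrounding quotes are dropped.
    """
    entries = []
    for item in value.split(","):
        item = item.strip().strip('"')
        if item:
            entries.append(item)
    return entries


def audit_userinit(log_lines: List[str]) -> Optional[Dict[str, object]]:
    """Audit the first F2 UserInit line of a HijackThis log.

    Returns None when the log has no such line; otherwise whether the genuine
    userinit.exe is still listed and which other programs were appended to it.
    """
    for line in log_lines:
        match = F2_USERINIT_RE.match(line.strip())
        if not match:
            continue
        entries = parse_userinit(match.group("value"))
        present = any(e.lower() == EXPECTED_USERINIT for e in entries)
        extra = [e for e in entries if e.lower() != EXPECTED_USERINIT]
        return {"userinit_present": present, "extra": extra}
    return None


# Constructed sample logs: a clean one and the F2 line quoted in this thread.
CLEAN_LOG = [
    "O4 - HKLM\\..\\Run: [constructed-example] C:\\example\\app.exe",
    "F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,",
]
INFECTED_LOG = [
    "F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,,"
    "C:\\Program Files\\iabstplb\\qgsfesrr.exe",
]

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("infected", INFECTED_LOG)):
        print(name, audit_userinit(log))
```

A report with userinit_present set to False is worth as much attention as a non-empty extra list, since a Userinit value that no longer starts the real userinit.exe points at a replaced or renamed file.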

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: ČR

Re: please analyze the log - nimnul?

#15 Post by Roli »

Or download Avenger

and paste the following text into the window named Input script here:

Code:

Folders to delete:
C:\Program Files\iabstplb

Click Execute and confirm the prompt that pops up asking you to confirm running the script by clicking Yes.


You will then be rewarded with another window informing you that the script is set up for the next start of the PC; restart the PC by clicking the Yes button.


After the restart, the Avenger log will pop up; copy it here.