
Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 17:14
by Reka
Hello, and I'm asking for help.
After connecting to the internet, the computer starts sending out e-mails - spam.
The e-mails are checked by Symantec Antivirus - the scan fills the taskbar and starts throwing up windows about blocked e-mails.

I'm attaching the log, and thank you for the help.
Karel

Logfile of random's system information tool 1.06 (written by random/random)
Run by 10342 at 2010-04-13 18:07:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (16%) free of 38 GB
Total RAM: 1014 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:54, on 13.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\10342\Desktop\RSIT.exe
C:\Program Files\trend micro\10342.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.9.2:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [PDAsync] "C:\Program Files\Laplink PDAsync\SyncLauncher.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [PasswordAgent] C:\PRG\Password Agent\PwAgent.exe /minimize
O4 - HKCU\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: CDPforFilesSrv.lnk = C:\Program Files\Tivoli\CDP_for_Files\FilePathSrv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://tellus.intentia.com
O16 - DPF: {0CDC8A43-059E-47CD-A3D0-FA46E01F6496} (ExcelGenerator Class) - http://tellus.corp.intentia.net/Tellus/ ... portAx.CAB
O16 - DPF: {1C7CF466-F149-478F-B232-BC6F72638D28} (TellusView Class) - http://tellus.intentia.com/Tellus/Misc/TellusList.CAB
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://vpn.se.lawson.com/vdesk/cachecl ... ,0223,0315
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://vpn.se.lawson.com/vdesk/termina ... 9,1010,313
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://vpn.se.lawson.com/vdesk/termina ... 9,1010,310
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://vpn.se.lawson.com/vdesk/termina ... ,1010,0312
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://vpn.ph.lawson.com/vdesk/termina ... ,0904,1939
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3102345156
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks Static Application Tunnel Control) - https://vpn.se.lawson.com/vdesk/termina ... ,0223,0314
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3109669859
O16 - DPF: {841DC3EC-0320-4CF6-92E4-710EE5F56CA3} (MieCollection INet 5 Class) - http://212.209.194.223/MIEWeb/Setup.cab
O16 - DPF: {B8C681FD-D629-4CCE-90CD-89493F1F2799} (MovexWorkplaceExtension Object) - http://czprw011/mwp/ieui/IEMod.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://vpn.se.lawson.com/vdesk/termina ... 9,1010,308
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lawson.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://vpn.se.lawson.com/vdesk/termina ... 9,1010,304
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://www.securaccess.de/dana-cached/ ... tupSP1.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://vpn.ph.lawson.com/policy/downlo ... ,0904,1947
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corpnet.lawson.com
O17 - HKLM\Software\..\Telephony: DomainName = corpnet.lawson.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corpnet.lawson.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = lawson.com,corp.intentia.net,corpnet.lawson.com,intentia.net,intentia.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = lawson.com,corp.intentia.net,corpnet.lawson.com,intentia.net,intentia.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: CDPforFilesSrv (FilePathsrv) - IBM Corporation - C:\WINDOWS\system32\FilePathsrv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JDPLUX - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\10342\LOCALS~1\Temp\JDPLUX.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Preview - StreamServe, Inc. - c:\Program Files\StreamServe\4.1.2\Server\PreviewServer.exe
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: StreamServe Reporter (Reporter) - Unknown owner - C:\Program Files\StreamServe\4.1.2\Reporter\bin\bootloader.exe
O23 - Service: StreamServe Repository Server (Repository Server) - POET Software - C:\Program Files\StreamServe\4.1.2\Server\bin\ptserv32.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SDBPSWHV - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SDBPSWHV.exe
O23 - Service: ServiceBroker - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Server\ServiceBroker.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StreamServe Alerter - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Common\StrsAlerter.exe
O23 - Service: StreamServe1 - StreamServe, Inc. - C:\Program Files\StreamServe\3.0\Server\strsvc.exe
O23 - Service: StreamServe MVXOUT4 (StreamServe2) - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe
O23 - Service: StreamServe MVXOUTUPG (StreamServe3) - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe
O23 - Service: StreamServe MVXOUTEZ (StreamServe4) - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe
O23 - Service: StreamServe STRS-EDU (StreamServe5) - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe
O23 - Service: StreamServe StreamServe6 (StreamServe6) - StreamServe, Inc. - C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\10342\My Documents\Desktop.htm

--
End of file - 14933 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2005-08-29 94208]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2004-08-06 442368]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2005-08-22 86016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2005-09-01 237568]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2005-08-23 864256]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPTRAY"=C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE [2005-08-31 50176]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-08-11 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-08-11 512000]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-08-24 40960]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-08-07 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-08-07 24576]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-08-07 45106]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-08-07 20480]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-09-27 125168]
"QCTray"=C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe [2005-09-06 745472]
"PDAsync"=C:\Program Files\Laplink PDAsync\SyncLauncher.exe [2007-03-09 40960]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-23 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PasswordAgent"=C:\PRG\Password Agent\PwAgent.exe [2002-11-05 1163936]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2004-12-20 458752]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2004-08-06 442368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CDPforFilesSrv.lnk - C:\Program Files\Tivoli\CDP_for_Files\FilePathSrv.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-02 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-09-06 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-06-16 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=WARNING NOTICE:
"legalnoticetext"=You are about to enter a Private Network that is intended for the authorized use of Lawson Software, Inc., its affiliate companies (the Company), and users authorized by the Company for business purposes only (Code of Conduct can be located by following this link: http://www.lawson.com/wcw.nsf/pub/IR_21905C) The actual or attempted unauthorized access, use, or modification of this network is strictly prohibited by the Company. Unauthorized users and/or unauthorized
use are subject to Company disciplinary proceedings and/or civil penalties in accordance with applicable domestic and foreign laws. Where authorized by law, the use of this system may be monitored and recorded for administrative and security reasons. If such monitoring and/or recording reveals possible evidence of criminal activity, the Company may provide the monitored evidence of such activity to law enforcement officials.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"_NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-04-13 16:00:48 ----D---- C:\Program Files\trend micro
2010-04-13 16:00:43 ----D---- C:\rsit
2010-04-13 10:54:58 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-09 12:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-04-07 08:49:52 ----D---- C:\Documents and Settings\10342\Application Data\u-turn
2010-03-22 11:27:36 ----D---- C:\Program Files\Common Files\Skype
2010-03-17 14:15:09 ----A---- C:\WINDOWS\NewsRover.INI
2010-03-17 10:52:07 ----A---- C:\WINDOWS\News Rover Uninstaller.exe

======List of files/folders modified in the last 1 months======

2010-04-13 18:06:04 ----D---- C:\WINDOWS\Temp
2010-04-13 18:05:40 ----A---- C:\WINDOWS\wincmd.ini
2010-04-13 17:51:10 ----D---- C:\WINDOWS\system32
2010-04-13 17:49:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 17:39:51 ----D---- C:\Program Files\Symantec AntiVirus
2010-04-13 17:39:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-13 17:39:49 ----A---- C:\WINDOWS\ptserv32.INI
2010-04-13 17:30:08 ----D---- C:\Documents and Settings\10342\Application Data\Skype
2010-04-13 16:19:08 ----SHD---- C:\WINDOWS\Installer
2010-04-13 16:18:56 ----HD---- C:\WINDOWS\inf
2010-04-13 16:18:55 ----AD---- C:\WINDOWS\system32\drivers
2010-04-13 16:18:20 ----RD---- C:\Program Files
2010-04-13 16:18:18 ----D---- C:\WINDOWS
2010-04-13 16:10:25 ----D---- C:\Documents and Settings\10342\Application Data\skypePM
2010-04-13 16:09:09 ----A---- C:\WINDOWS\SMSCFG.INI
2010-04-13 13:41:17 ----SHD---- C:\System Volume Information
2010-04-13 13:41:17 ----D---- C:\WINDOWS\system32\Restore
2010-04-13 13:21:28 ----A---- C:\WINDOWS\system.ini
2010-04-13 13:11:54 ----D---- C:\WINDOWS\AppPatch
2010-04-13 13:11:48 ----D---- C:\Program Files\Common Files
2010-04-13 13:05:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-13 12:58:24 ----D---- C:\WINDOWS\system32\config
2010-04-13 11:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 11:29:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-13 10:46:08 ----D---- C:\WINDOWS\system32\LogFiles
2010-04-13 10:46:08 ----D---- C:\WINDOWS\Debug
2010-04-13 10:44:34 ----D---- C:\Program Files\CCleaner
2010-04-13 09:02:28 ----D---- C:\Documents and Settings\10342\Application Data\vlc
2010-04-12 20:30:52 ----A---- C:\WINDOWS\uedit32.INI
2010-04-12 15:34:35 ----D---- C:\Program Files\MVXDOC125
2010-04-09 12:08:11 ----D---- C:\Program Files\QuickTime
2010-04-09 10:28:53 ----D---- C:\WINDOWS\system32\ccmsetup
2010-04-08 16:14:36 ----D---- C:\Program Files\MVXDOC113
2010-04-08 15:55:05 ----A---- C:\WINDOWS\hpbafd.ini
2010-04-07 09:02:55 ----D---- C:\PRG
2010-04-06 11:01:58 ----A---- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2010-04-02 17:50:07 ----D---- C:\Program Files\Runic Games
2010-04-02 17:24:09 ----D---- C:\Program Files\Symantec
2010-04-02 17:24:09 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-04-02 16:11:50 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 11:33:00 ----D---- C:\Program Files\Internet Explorer
2010-03-31 11:29:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-31 08:59:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-26 09:33:25 ----D---- C:\Documents and Settings\10342\Application Data\dvdcss
2010-03-25 15:15:47 ----D---- C:\WINDOWS\system32\DirectX
2010-03-18 17:15:28 ----D---- C:\WINDOWS\system32\wbem
2010-03-17 17:19:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-17 15:20:18 ----DC---- C:\RealTimeBackup
2010-03-17 11:56:20 ----D---- C:\Program Files\MUSICMATCH
2010-03-15 19:21:10 ----A---- C:\WINDOWS\win.ini
2010-03-15 19:19:04 ----D---- C:\Program Files\Movie Maker
2010-03-15 19:12:01 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2008-08-29 23552]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2004-06-27 4864]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-11-01 28276]
R3 portio;TPM Service; C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-05-19 13757]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-11 177664]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2005-05-25 6400]
R3 urvpndrv;F5 Networks VPN Adapter; C:\WINDOWS\system32\DRIVERS\covpndrv.sys [2009-10-10 33920]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-07-19 3289088]
S1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-09-06 11520]
S1 c4788d6a;c4788d6a; C:\WINDOWS\System32\drivers\c4788d6a.sys []
S1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
S1 FilePath;VitalFile; C:\WINDOWS\system32\DRIVERS\fp.sys [2007-10-04 313553]
S1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-09-06 2432]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
S1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 4736]
S1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-08-31 14848]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
S1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-08-31 9340]
S1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
S1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-04-14 4442]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-10-31 17801]
S2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-03 87424]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 rttfsfilt;R-TT FS Filter; C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-09-03 27936]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-07-23 11354]
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\adusbser.sys [2006-10-23 93440]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
S3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2010-02-18 483200]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\drivers\btkrnl.sys [2007-02-27 868042]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-10-15 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cglptnt;cglptnt; \??\C:\Program Files\totalcmd\cglptnt.sys []
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS []
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\10342\LOCALS~1\Temp\esihdrv.sys []
S3 f5ipfw;F5 Networks StoneWall Filter; \??\C:\WINDOWS\system32\drivers\urfltw2k.sys []
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-25 1038208]
S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-25 207616]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
S3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2004-06-27 2112]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100412.003\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100412.003\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-03 28672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pfsvgae;pfsvgae; \??\C:\DOCUME~1\rezkar0\LOCALS~1\Temp\pfsvgae.sys []
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-09-06 12288]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SABProcEnum;SABProcEnum; \??\C:\PROGRA~1\MOZILL~1\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SliceDisk5;SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2001-08-23 30208]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-25 703616]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-09-02 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-06-11 607576]
S2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
S2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2004-08-04 570368]
S2 ccmsetup;ccmsetup; C:\WINDOWS\system32\ccmsetup\ccmsetup.exe [2004-06-27 258048]
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
S2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
S2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
S2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2008-08-29 431472]
S2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-07-23 86016]
S2 FilePathsrv;CDPforFilesSrv; C:\WINDOWS\system32\FilePathsrv.exe [2007-10-04 458319]
S2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 Lotus Notes Single Logon;Lotus Notes Single Logon; C:\WINDOWS\system32\nslsvice.exe [2004-09-15 20530]
S2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe [2005-04-29 69632]
S2 Preview;Preview; c:\Program Files\StreamServe\4.1.2\Server\PreviewServer.exe [2005-12-27 65536]
S2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-09-06 81920]
S2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-07-23 139264]
S2 Repository Server;StreamServe Repository Server; C:\Program Files\StreamServe\4.1.2\Server\bin\ptserv32.exe [2005-09-30 573559]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-07-23 372809]
S2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2006-11-20 33280]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
S2 StreamServe Alerter;StreamServe Alerter; C:\Program Files\StreamServe\4.1.2\Common\StrsAlerter.exe [2005-12-27 98304]
S2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
S2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2005-06-06 77824]
S2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-08-07 57392]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JDPLUX;JDPLUX; C:\DOCUME~1\10342\LOCALS~1\Temp\JDPLUX.exe [2010-04-13 387968]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Reporter;StreamServe Reporter; C:\Program Files\StreamServe\4.1.2\Reporter\bin\bootloader.exe [2005-12-27 11776]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SDBPSWHV;SDBPSWHV; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SDBPSWHV.exe [2010-04-13 412544]
S3 ServiceBroker;ServiceBroker; C:\Program Files\StreamServe\4.1.2\Server\ServiceBroker.exe [2005-12-27 1753088]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]
S3 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-06-10 606720]
S3 StreamServe1;StreamServe1; C:\Program Files\StreamServe\3.0\Server\strsvc.exe [2002-10-04 6836224]
S3 StreamServe2;StreamServe MVXOUT4; C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe [2005-12-27 9863168]
S3 StreamServe3;StreamServe MVXOUTUPG; C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe [2005-12-27 9863168]
S3 StreamServe4;StreamServe MVXOUTEZ; C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe [2005-12-27 9863168]
S3 StreamServe5;StreamServe STRS-EDU; C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe [2005-12-27 9863168]
S3 StreamServe6;StreamServe StreamServe6; C:\Program Files\StreamServe\4.1.2\Server\strsvc.exe [2005-12-27 9863168]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
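
A triage pass over the driver/service list above, as an added example that is not part of the post or of the RSIT/HijackThis tools themselves. It parses the `S3 name;display; path [date size]` line format (the legend for the first two characters is in the log's own "List of services" header) and flags the entries a responder would look at first: binaries under a Temp or download directory, entries for which no file metadata was recorded, and files dated on the scan day. The sample lines are copied from the log above; the heuristics, the `parse_line`/`triage`/`triage_log` names and the `SUSPECT_DIRS` list are this example's own.

```python
"""Triage of RSIT-style driver/service listings.

Added example, not code from the forum post or from RSIT: it parses the
"S3 name;display; path [date size]" lines of the log pasted above and flags
the entries a responder would review first.  The heuristics are this
example's own and produce a review queue, not a verdict: legitimate
scanning tools also drop helper drivers into Temp.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Legend from the log header: R=Running, S=Stopped,
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "S3 JDPLUX;JDPLUX; C:\...\JDPLUX.exe [2010-04-13 387968]" -> five fields
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)

# Directories a properly installed driver or service should not be loaded from.
SUSPECT_DIRS = ("\\temp\\", "\\downloaded program files\\")


@dataclass
class Entry:
    state: str                  # "R" (running) or "S" (stopped)
    start: str                  # Boot / System / Auto / Demand / Disabled
    name: str
    display: str
    path: str                   # image path with any "\??\" NT prefix removed
    file_date: Optional[date]   # None when the log shows "[]"
    file_size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a driver/service line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    file_date = file_size = None
    meta = m.group("meta").split()
    if len(meta) == 2:          # "[]" means RSIT recorded no date/size
        y, mo, d = (int(x) for x in meta[0].split("-"))
        file_date, file_size = date(y, mo, d), int(meta[1])
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(m.group("state"), START_TYPES[m.group("start")],
                 m.group("name"), m.group("display"), path, file_date, file_size)


def triage(entry: Entry, scan_date: date) -> List[str]:
    """Reasons this entry deserves a closer look; an empty list means none."""
    reasons = []
    lowered = entry.path.lower()
    if any(d in lowered for d in SUSPECT_DIRS):
        reasons.append("loaded from a temporary or download directory")
    if entry.file_date is None:
        reasons.append("no file metadata recorded (file missing or unreadable at scan time)")
    elif entry.file_date == scan_date:
        reasons.append("binary dated on the day of the scan")
    return reasons


def triage_log(lines: List[str], scan_date: date) -> Dict[str, List[str]]:
    """Map service name -> reasons for every parsed line that was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry, scan_date)
            if reasons:
                flagged[entry.name] = reasons
    return flagged


# Lines copied from the RSIT log pasted above; the scan date is from its header.
SAMPLE_LINES = [
    r"R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-06-11 607576]",
    r"S3 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS []",
    r"S3 esihdrv;esihdrv; \??\C:\DOCUME~1\10342\LOCALS~1\Temp\esihdrv.sys []",
    r"S3 JDPLUX;JDPLUX; C:\DOCUME~1\10342\LOCALS~1\Temp\JDPLUX.exe [2010-04-13 387968]",
    r"S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]",
    r"S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]",
]
SCAN_DATE = date(2010, 4, 13)

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES, SCAN_DATE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the six sample lines, the helper flags EGATHDRV, esihdrv and JDPLUX and leaves the Symantec, USB storage and Ad-Aware entries alone. The flagged names are the ones to check next (publisher, hash, which tool created them), not a list of infections.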

Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 18:50
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide undesirably with the antispyware's resident component

Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 19:37
by Reka
Here is the ComboFix log; unfortunately I can't turn off the antivirus, it is a centrally managed installation that I can't change.

ComboFix 10-04-13.02 - 10342 13.04.2010 20:11:21.7.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1014.681 [GMT 2:00]
Spuštěný z: c:\documents and settings\10342\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\jhnoeb.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_jhnoeb
-------\Service_jhnoeb


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 14:00 . 2010-04-13 16:07 -------- d-----w- c:\program files\trend micro
2010-04-13 14:00 . 2010-04-13 16:07 -------- d-----w- C:\rsit
2010-04-13 13:48 . 2010-04-13 13:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-04-09 10:05 . 2010-04-09 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-07 11:26 . 2010-04-13 11:49 52224 ----a-w- c:\documents and settings\10342\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 06:49 . 2010-04-07 07:51 -------- d-----w- c:\documents and settings\10342\Local Settings\Application Data\u-turn
2010-04-07 06:49 . 2010-04-07 07:51 -------- d-----w- c:\documents and settings\10342\Application Data\u-turn
2010-04-02 14:28 . 2010-04-02 14:28 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-03-22 09:27 . 2010-03-22 09:27 -------- d-----w- c:\program files\Common Files\Skype
2010-03-17 08:52 . 2010-03-17 08:52 108949 ----a-w- c:\windows\News Rover Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 18:28 . 2007-02-07 07:41 -------- d-----w- c:\documents and settings\10342\Application Data\Skype
2010-04-13 18:23 . 2005-10-31 13:11 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-13 15:51 . 2007-12-10 15:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-13 14:10 . 2008-12-02 06:38 -------- d-----w- c:\documents and settings\10342\Application Data\skypePM
2010-04-13 12:56 . 2009-03-25 11:22 117760 ----a-w- c:\documents and settings\10342\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 09:51 . 2007-02-02 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 08:44 . 2008-06-17 07:16 -------- d-----w- c:\program files\CCleaner
2010-04-13 07:02 . 2009-10-13 12:36 -------- d-----w- c:\documents and settings\10342\Application Data\vlc
2010-04-12 13:34 . 2005-11-08 12:25 -------- d-----w- c:\program files\MVXDOC125
2010-04-09 17:47 . 2009-10-27 08:41 177544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-09 10:08 . 2009-11-20 10:50 -------- d-----w- c:\program files\QuickTime
2010-04-08 14:14 . 2005-11-08 12:22 -------- d-----w- c:\program files\MVXDOC113
2010-04-02 15:50 . 2010-03-09 09:41 -------- d-----w- c:\program files\Runic Games
2010-04-02 15:24 . 2005-10-31 13:11 -------- d-----w- c:\program files\Symantec
2010-04-02 15:24 . 2005-10-31 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-26 07:33 . 2010-01-22 11:43 -------- d-----w- c:\documents and settings\10342\Application Data\dvdcss
2010-03-17 09:56 . 2005-11-01 11:41 -------- d-----w- c:\program files\MUSICMATCH
2010-03-12 13:24 . 2010-03-12 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-03-12 12:29 . 2010-03-12 12:29 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-12 12:27 . 2010-03-11 14:01 -------- d-----w- c:\program files\Nokia
2010-03-12 12:22 . 2010-03-12 12:22 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-12 12:22 . 2010-03-12 12:22 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-12 12:22 . 2010-03-12 12:22 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-12 12:22 . 2010-03-11 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-12 12:22 . 2010-03-12 12:24 34818368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_cs[1].exe
2010-03-12 12:15 . 2010-03-12 12:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-12 12:15 . 2010-03-12 12:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-12 12:14 . 2010-03-12 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-11 15:17 . 2007-02-07 07:40 -------- d-----w- c:\documents and settings\10342\Application Data\PC Suite
2010-03-11 14:31 . 2010-03-11 14:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-11 14:30 . 2010-03-11 14:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-11 14:30 . 2007-02-07 07:40 -------- d-----w- c:\documents and settings\10342\Application Data\Nokia
2010-03-11 14:30 . 2006-06-29 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-03-11 14:03 . 2010-03-11 14:03 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-11 14:02 . 2006-06-29 09:06 -------- d-----w- c:\program files\DIFX
2010-03-11 14:00 . 2005-10-31 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 13:58 . 2005-11-04 10:27 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-11 13:54 . 2010-03-11 13:54 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-11 13:54 . 2010-03-11 13:54 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-11 13:54 . 2010-03-11 13:54 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-11 13:54 . 2010-03-11 13:54 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-11 13:53 . 2010-03-11 14:00 34701512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze_web.exe
2010-03-09 09:53 . 2010-03-09 09:53 -------- d-----w- c:\documents and settings\10342\Application Data\runic games
2010-03-09 08:46 . 2010-02-18 13:20 12788 ----a-w- c:\documents and settings\All Users\Application Data\BlazeVideo\BlazeDTV 6.0\blazedvd.dll
2010-03-03 19:05 . 2006-12-28 21:37 -------- d-----w- c:\program files\yBook
2010-02-26 06:12 . 2008-06-06 10:41 662016 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2008-06-06 14:52 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 08:11 . 2010-02-25 08:11 -------- d-----w- c:\documents and settings\10342\Application Data\webex
2010-02-25 08:10 . 2009-10-01 12:44 -------- d-----w- c:\program files\WebEx
2010-02-18 14:24 . 2010-02-18 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\BlazeVideo
2010-02-18 14:24 . 2005-11-02 23:13 -------- d-----w- c:\program files\Common Files\Real
2010-02-18 13:18 . 2010-02-18 13:18 -------- d-----w- c:\program files\BlazeVideo
2010-02-18 13:17 . 2010-02-18 13:12 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2010-02-18 13:17 . 2010-02-18 13:13 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2010-02-18 13:17 . 2010-02-18 13:13 140 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-02-02 22:27 . 2010-02-02 17:50 943472 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVEX32A.DLL
2010-02-02 22:27 . 2010-02-02 17:50 895408 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVEX15.SYS
2010-02-02 22:27 . 2010-02-02 17:50 82256 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVENG.SYS
2010-02-02 22:27 . 2010-02-02 17:50 128368 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVENG32.DLL
2010-02-02 22:27 . 2010-02-02 17:50 385072 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\EECTRL.SYS
2010-02-02 22:27 . 2010-02-02 17:50 284016 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\ECMSVR32.DLL
2010-02-02 22:27 . 2010-02-02 17:50 2561072 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\CCERASER.DLL
2010-02-02 22:27 . 2010-02-02 17:50 109616 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\ERASER.SYS
2010-01-22 11:37 . 2010-01-22 11:37 52736 ----a-w- c:\windows\ipuninst.exe
2010-01-21 13:53 . 2010-03-12 12:27 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PasswordAgent"="c:\prg\Password Agent\PwAgent.exe" [2002-11-05 1163936]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-12-20 458752]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"TpShocks"="TpShocks.exe" [2005-08-22 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-09-01 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 864256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 208896]
"TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2005-08-30 50176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TP4EX"="tp4ex.exe" [2005-08-24 40960]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-08-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-08-07 24576]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-08-07 45106]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-08-07 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2005-09-06 745472]
"PDAsync"="c:\program files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-23 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2007-06-26 317440]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CDPforFilesSrv.lnk - c:\program files\Tivoli\CDP_for_Files\FilePathSrv.exe [2007-10-4 458319]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-31 24576]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-10-21 6144]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\10342\My Documents\Desktop.htm
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-02 14:58 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-09-06 02:08 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-16 20:23 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [3.9.2004 13:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [3.9.2004 13:11 78624]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [31.10.2005 15:00 14720]
R1 FilePath;VitalFile;c:\windows\system32\drivers\Fp.sys [4.10.2007 14:14 313553]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.6.2008 13:08 141312]
R2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2.2.2007 9:19 258048]
R2 Preview;Preview;c:\program files\StreamServe\4.1.2\Server\PreviewServer.exe [30.10.2008 15:05 65536]
R2 Repository Server;StreamServe Repository Server;c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config "c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg" --> c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg [?]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [3.9.2004 13:11 27936]
R2 StreamServe Alerter;StreamServe Alerter;c:\program files\StreamServe\4.1.2\Common\StrsAlerter.exe [30.10.2008 15:05 98304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.9.2009 10:49 102448]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [31.10.2005 15:00 6400]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [10.10.2009 5:15 33920]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S1 c4788d6a;c4788d6a;c:\windows\system32\drivers\c4788d6a.sys --> c:\windows\system32\drivers\c4788d6a.sys [?]
S2 FilePathsrv;CDPforFilesSrv;c:\windows\system32\FilePathSrv.exe [4.10.2007 14:14 458319]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [2.5.2005 14:55 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [7.1.2008 10:13 93440]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [7.1.2008 10:53 64896]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [31.10.2005 14:19 7888]
S3 esihdrv;esihdrv;\??\c:\docume~1\10342\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\10342\LOCALS~1\Temp\esihdrv.sys [?]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [4.4.2007 19:35 10752]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19.4.2004 15:01 6656]
S3 JDPLUX;JDPLUX;c:\docume~1\10342\LOCALS~1\Temp\JDPLUX.exe --> c:\docume~1\10342\LOCALS~1\Temp\JDPLUX.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12.3.2010 14:27 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12.3.2010 14:27 8320]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\rezkar0\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\rezkar0\LOCALS~1\Temp\pfsvgae.sys [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [11.2.2009 12:31 3567]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [31.10.2005 14:42 12288]
S3 Reporter;StreamServe Reporter;c:\program files\StreamServe\4.1.2\Reporter\bin\bootloader.exe [30.10.2008 15:06 11776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27.9.2006 20:33 116464]
S3 SDBPSWHV;SDBPSWHV;c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDBPSWHV.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDBPSWHV.exe [?]
S3 ServiceBroker;ServiceBroker;c:\program files\StreamServe\4.1.2\Server\ServiceBroker.exe [30.10.2008 15:05 1753088]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
S3 StreamServe1;StreamServe1;c:\program files\StreamServe\3.0\Server\strsvc.exe [17.10.2008 12:32 6836224]
S3 StreamServe2;StreamServe MVXOUT4;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe3;StreamServe MVXOUTUPG;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe4;StreamServe MVXOUTEZ;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe5;StreamServe STRS-EDU;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe6;StreamServe StreamServe6;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [27.5.2009 10:53 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2009 12:40 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-10-31 23:01]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.9.2:3128
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intentia.com\tellus
Trusted Zone: lawson.com\password
Trusted Zone: lawson.com\vpn.se
Trusted Zone: microsoft.com\www.update
Trusted Zone: salesforce.com
DPF: {0CDC8A43-059E-47CD-A3D0-FA46E01F6496} - hxxp://tellus.corp.intentia.net/Tellus/Misc/TellusExportAx.CAB
DPF: {1C7CF466-F149-478F-B232-BC6F72638D28} - hxxp://tellus.intentia.com/Tellus/Misc/TellusList.CAB
DPF: {841DC3EC-0320-4CF6-92E4-710EE5F56CA3} - hxxp://212.209.194.223/MIEWeb/Setup.cab
DPF: {B8C681FD-D629-4CCE-90CD-89493F1F2799} - hxxp://czprw011/mwp/ieui/IEMod.cab
FF - ProfilePath - c:\documents and settings\10342\Application Data\Mozilla\Firefox\Profiles\lrlltn73.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPuroamHost.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 20:25
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2127521184-22818289-501965909-57423\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:e4,e2,d7,f7,5b,d4,49,24,30,30,d8,00,b1,49,2d,90,cf,25,a7,b1,e7,ba,47,
4f,a6,c1,92,e3,5c,6b,39,3f,26,cd,23,86,31,63,32,e2,3c,41,6f,17,0a,46,77,ec,\
"??"=hex:4e,6d,89,ba,c9,29,10,34,6e,41,fa,27,c7,e3,47,e0

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(3020)
c:\windows\System32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Laplink PDAsync\XTNDPC.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 20:33:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 18:33

Před spuštěním: 6 197 923 840 bytes free
Po spuštění: 5 113 589 760 bytes free

- - End Of File - - 361316E26B070495E6CA8F068E9787B9

Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 19:48
by Rudy
Rootkit deleted. We'll still finish cleaning up. Open Notepad and copy the following into it:
Collect::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\SDBPSWHV.exe

Driver::
SDBPSWHV
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 21:04
by Reka
Just to be safe, here is the ComboFix log after the deletion; hopefully it went well and the pest is gone.
So far nothing suspicious is happening.
May I ask what it actually was? I couldn't find anything under the name SDBPSWHV.



ComboFix 10-04-13.02 - 10342 13.04.2010 21:05:32.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1014.380 [GMT 2:00]
Spuštěný z: c:\documents and settings\10342\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\10342\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SDBPSWHV
-------\Service_SDBPSWHV


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 14:00 . 2010-04-13 16:07 -------- d-----w- c:\program files\trend micro
2010-04-13 14:00 . 2010-04-13 16:07 -------- d-----w- C:\rsit
2010-04-13 13:48 . 2010-04-13 13:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-04-09 10:05 . 2010-04-09 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-07 11:26 . 2010-04-13 11:49 52224 ----a-w- c:\documents and settings\10342\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 06:49 . 2010-04-07 07:51 -------- d-----w- c:\documents and settings\10342\Local Settings\Application Data\u-turn
2010-04-07 06:49 . 2010-04-07 07:51 -------- d-----w- c:\documents and settings\10342\Application Data\u-turn
2010-04-02 14:28 . 2010-04-02 14:28 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-03-22 09:27 . 2010-03-22 09:27 -------- d-----w- c:\program files\Common Files\Skype
2010-03-17 08:52 . 2010-03-17 08:52 108949 ----a-w- c:\windows\News Rover Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 19:28 . 2007-02-07 07:41 -------- d-----w- c:\documents and settings\10342\Application Data\Skype
2010-04-13 19:17 . 2005-10-31 13:11 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-13 15:51 . 2007-12-10 15:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-13 14:10 . 2008-12-02 06:38 -------- d-----w- c:\documents and settings\10342\Application Data\skypePM
2010-04-13 12:56 . 2009-03-25 11:22 117760 ----a-w- c:\documents and settings\10342\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-13 09:51 . 2007-02-02 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 08:44 . 2008-06-17 07:16 -------- d-----w- c:\program files\CCleaner
2010-04-13 07:02 . 2009-10-13 12:36 -------- d-----w- c:\documents and settings\10342\Application Data\vlc
2010-04-12 13:34 . 2005-11-08 12:25 -------- d-----w- c:\program files\MVXDOC125
2010-04-09 17:47 . 2009-10-27 08:41 177544 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-09 10:08 . 2009-11-20 10:50 -------- d-----w- c:\program files\QuickTime
2010-04-08 14:14 . 2005-11-08 12:22 -------- d-----w- c:\program files\MVXDOC113
2010-04-02 15:50 . 2010-03-09 09:41 -------- d-----w- c:\program files\Runic Games
2010-04-02 15:24 . 2005-10-31 13:11 -------- d-----w- c:\program files\Symantec
2010-04-02 15:24 . 2005-10-31 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-26 07:33 . 2010-01-22 11:43 -------- d-----w- c:\documents and settings\10342\Application Data\dvdcss
2010-03-17 09:56 . 2005-11-01 11:41 -------- d-----w- c:\program files\MUSICMATCH
2010-03-12 13:24 . 2010-03-12 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-03-12 12:29 . 2010-03-12 12:29 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-12 12:27 . 2010-03-11 14:01 -------- d-----w- c:\program files\Nokia
2010-03-12 12:22 . 2010-03-12 12:22 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-12 12:22 . 2010-03-12 12:22 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-12 12:22 . 2010-03-12 12:22 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-12 12:22 . 2010-03-11 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-03-12 12:22 . 2010-03-12 12:24 34818368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_cs[1].exe
2010-03-12 12:15 . 2010-03-12 12:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-12 12:15 . 2010-03-12 12:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-12 12:14 . 2010-03-12 12:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-11 15:17 . 2007-02-07 07:40 -------- d-----w- c:\documents and settings\10342\Application Data\PC Suite
2010-03-11 14:31 . 2010-03-11 14:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-11 14:30 . 2010-03-11 14:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-03-11 14:30 . 2007-02-07 07:40 -------- d-----w- c:\documents and settings\10342\Application Data\Nokia
2010-03-11 14:30 . 2006-06-29 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-03-11 14:03 . 2010-03-11 14:03 -------- d-----w- c:\program files\Common Files\PCSuite
2010-03-11 14:02 . 2006-06-29 09:06 -------- d-----w- c:\program files\DIFX
2010-03-11 14:00 . 2005-10-31 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 13:58 . 2005-11-04 10:27 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-11 13:54 . 2010-03-11 13:54 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-11 13:54 . 2010-03-11 13:54 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-11 13:54 . 2010-03-11 13:54 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-11 13:54 . 2010-03-11 13:54 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-11 13:53 . 2010-03-11 14:00 34701512 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze_web.exe
2010-03-09 09:53 . 2010-03-09 09:53 -------- d-----w- c:\documents and settings\10342\Application Data\runic games
2010-03-09 08:46 . 2010-02-18 13:20 12788 ----a-w- c:\documents and settings\All Users\Application Data\BlazeVideo\BlazeDTV 6.0\blazedvd.dll
2010-03-03 19:05 . 2006-12-28 21:37 -------- d-----w- c:\program files\yBook
2010-02-26 06:12 . 2008-06-06 10:41 662016 ------w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2008-06-06 14:52 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 08:11 . 2010-02-25 08:11 -------- d-----w- c:\documents and settings\10342\Application Data\webex
2010-02-25 08:10 . 2009-10-01 12:44 -------- d-----w- c:\program files\WebEx
2010-02-18 14:24 . 2010-02-18 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\BlazeVideo
2010-02-18 14:24 . 2005-11-02 23:13 -------- d-----w- c:\program files\Common Files\Real
2010-02-18 13:18 . 2010-02-18 13:18 -------- d-----w- c:\program files\BlazeVideo
2010-02-18 13:17 . 2010-02-18 13:12 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2010-02-18 13:17 . 2010-02-18 13:13 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2010-02-18 13:17 . 2010-02-18 13:13 140 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-02-02 22:27 . 2010-02-02 17:50 943472 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVEX32A.DLL
2010-02-02 22:27 . 2010-02-02 17:50 895408 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVEX15.SYS
2010-02-02 22:27 . 2010-02-02 17:50 82256 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVENG.SYS
2010-02-02 22:27 . 2010-02-02 17:50 128368 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\NAVENG32.DLL
2010-02-02 22:27 . 2010-02-02 17:50 385072 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\EECTRL.SYS
2010-02-02 22:27 . 2010-02-02 17:50 284016 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\ECMSVR32.DLL
2010-02-02 22:27 . 2010-02-02 17:50 2561072 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\CCERASER.DLL
2010-02-02 22:27 . 2010-02-02 17:50 109616 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd295a04.vdb\ERASER.SYS
2010-01-22 11:37 . 2010-01-22 11:37 52736 ----a-w- c:\windows\ipuninst.exe
2010-01-21 13:53 . 2010-03-12 12:27 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PasswordAgent"="c:\prg\Password Agent\PwAgent.exe" [2002-11-05 1163936]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-12-20 458752]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"TpShocks"="TpShocks.exe" [2005-08-22 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-09-01 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 864256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 208896]
"TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2005-08-30 50176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TP4EX"="tp4ex.exe" [2005-08-24 40960]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-08-07 20530]
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-08-07 24576]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-08-07 45106]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-08-07 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2005-09-06 745472]
"PDAsync"="c:\program files\Laplink PDAsync\SyncLauncher.exe" [2007-03-09 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-23 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2007-06-26 317440]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CDPforFilesSrv.lnk - c:\program files\Tivoli\CDP_for_Files\FilePathSrv.exe [2007-10-4 458319]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-31 24576]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-10-21 6144]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\10342\My Documents\Desktop.htm
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-02 14:58 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-09-06 02:08 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-16 20:23 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [3.9.2004 13:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [3.9.2004 13:11 78624]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [31.10.2005 15:00 14720]
R1 FilePath;VitalFile;c:\windows\system32\drivers\Fp.sys [4.10.2007 14:14 313553]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.6.2008 13:08 141312]
R2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2.2.2007 9:19 258048]
R2 Preview;Preview;c:\program files\StreamServe\4.1.2\Server\PreviewServer.exe [30.10.2008 15:05 65536]
R2 Repository Server;StreamServe Repository Server;c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config "c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg" --> c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe -config c:\program files\StreamServe\4.1.2\Common\bin\ptserver.cfg [?]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [3.9.2004 13:11 27936]
R2 StreamServe Alerter;StreamServe Alerter;c:\program files\StreamServe\4.1.2\Common\StrsAlerter.exe [30.10.2008 15:05 98304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.9.2009 10:49 102448]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [31.10.2005 15:00 6400]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [10.10.2009 5:15 33920]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S0 xmasscsi;xmasscsi;c:\windows\system32\Drivers\xmasscsi.sys --> c:\windows\system32\Drivers\xmasscsi.sys [?]
S1 c4788d6a;c4788d6a;c:\windows\system32\drivers\c4788d6a.sys --> c:\windows\system32\drivers\c4788d6a.sys [?]
S2 FilePathsrv;CDPforFilesSrv;c:\windows\system32\FilePathSrv.exe [4.10.2007 14:14 458319]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [2.5.2005 14:55 64896]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [7.1.2008 10:13 93440]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [7.1.2008 10:53 64896]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [31.10.2005 14:19 7888]
S3 esihdrv;esihdrv;\??\c:\docume~1\10342\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\10342\LOCALS~1\Temp\esihdrv.sys [?]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [4.4.2007 19:35 10752]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [19.4.2004 15:01 6656]
S3 JDPLUX;JDPLUX;c:\docume~1\10342\LOCALS~1\Temp\JDPLUX.exe --> c:\docume~1\10342\LOCALS~1\Temp\JDPLUX.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12.3.2010 14:27 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12.3.2010 14:27 8320]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\rezkar0\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\rezkar0\LOCALS~1\Temp\pfsvgae.sys [?]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [11.2.2009 12:31 3567]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [31.10.2005 14:42 12288]
S3 Reporter;StreamServe Reporter;c:\program files\StreamServe\4.1.2\Reporter\bin\bootloader.exe [30.10.2008 15:06 11776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27.9.2006 20:33 116464]
S3 ServiceBroker;ServiceBroker;c:\program files\StreamServe\4.1.2\Server\ServiceBroker.exe [30.10.2008 15:05 1753088]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
S3 StreamServe1;StreamServe1;c:\program files\StreamServe\3.0\Server\strsvc.exe [17.10.2008 12:32 6836224]
S3 StreamServe2;StreamServe MVXOUT4;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe3;StreamServe MVXOUTUPG;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe4;StreamServe MVXOUTEZ;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe5;StreamServe STRS-EDU;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 StreamServe6;StreamServe StreamServe6;c:\program files\StreamServe\4.1.2\Server\strsvc.exe [30.10.2008 15:05 9863168]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [27.5.2009 10:53 23600]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2009 12:40 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-10-31 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.9.2:3128
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intentia.com\tellus
Trusted Zone: lawson.com\password
Trusted Zone: lawson.com\vpn.se
Trusted Zone: microsoft.com\www.update
Trusted Zone: salesforce.com
DPF: {0CDC8A43-059E-47CD-A3D0-FA46E01F6496} - hxxp://tellus.corp.intentia.net/Tellus/Misc/TellusExportAx.CAB
DPF: {1C7CF466-F149-478F-B232-BC6F72638D28} - hxxp://tellus.intentia.com/Tellus/Misc/TellusList.CAB
DPF: {841DC3EC-0320-4CF6-92E4-710EE5F56CA3} - hxxp://212.209.194.223/MIEWeb/Setup.cab
DPF: {B8C681FD-D629-4CCE-90CD-89493F1F2799} - hxxp://czprw011/mwp/ieui/IEMod.cab
FF - ProfilePath - c:\documents and settings\10342\Application Data\Mozilla\Firefox\Profiles\lrlltn73.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.enabled - false
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPuroamHost.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 21:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2127521184-22818289-501965909-57423\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:e4,e2,d7,f7,5b,d4,49,24,30,30,d8,00,b1,49,2d,90,cf,25,a7,b1,e7,ba,47,
4f,a6,c1,92,e3,5c,6b,39,3f,26,cd,23,86,31,63,32,e2,3c,41,6f,17,0a,46,77,ec,\
"??"=hex:4e,6d,89,ba,c9,29,10,34,6e,41,fa,27,c7,e3,47,e0

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(1368)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(996)
c:\windows\System32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\StreamServe\4.1.2\Server\bin\ptserv32.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Laplink PDAsync\XTNDPC.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-04-13 21:33:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-13 19:32
ComboFix2.txt 2010-04-13 18:33

Pre-Run: 5 122 682 880 bytes free
Post-Run: 5 087 195 136 bytes free

- - End Of File - - 5CD6D90BB7001DC9D86CAD5669DAF362
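
The service and driver section of the ComboFix log above is the part a helper reads first when the question is "rootkit?", because that is where a kernel-mode foothold would have to register itself. The following Python script is an added example, not part of the original post and not ComboFix's own code: it parses lines in that section's format and lists entries worth a manual look, using three loose heuristics that are this example's own assumptions (a service name that is a bare run of hex characters, a binary living in a user Temp directory, and a file for which ComboFix printed `[?]` instead of a date and size). The sample lines are copied from the log above; the reason strings are invented for the example and mark candidates for review, not verdicts.

```python
import re

# Two shapes of a ComboFix service/driver line (see the log above):
#   <start> <name>;<display>;<path> [<date> <time> <size>]     date/size were read from disk
#   <start> <name>;<display>;<path> --> <path> [?]              no date/size could be read
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)          # e.g. c4788d6a
TEMP_DIR_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.IGNORECASE)
META_RE = re.compile(r"\s\[[^\]]*\]\s*$")                            # trailing "[date size]" or "[?]"

# Sample input: lines copied verbatim from the log above (constructed test data for this example).
SAMPLE_LINES = [
    r"R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [31.10.2005 15:00 6400]",
    r"S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]",
    r"S1 c4788d6a;c4788d6a;c:\windows\system32\drivers\c4788d6a.sys --> c:\windows\system32\drivers\c4788d6a.sys [?]",
    r"S3 esihdrv;esihdrv;\??\c:\docume~1\10342\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\10342\LOCALS~1\Temp\esihdrv.sys [?]",
    r"S3 JDPLUX;JDPLUX;c:\docume~1\10342\LOCALS~1\Temp\JDPLUX.exe --> c:\docume~1\10342\LOCALS~1\Temp\JDPLUX.exe [?]",
    r"S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [11.2.2009 12:31 3567]",
    r"S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.9.2009 12:40 721904]",
    "Obsah adresáře 'Naplánované úlohy'",   # non-service line, must be ignored
]


def parse_service(line):
    """Return (start, name, path, has_metadata) for a service line, or None otherwise."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    has_metadata = not rest.rstrip().endswith("[?]")
    # keep the first path only: drop the "--> path" echo and the trailing bracket group
    path = META_RE.sub("", rest.split(" --> ", 1)[0])
    path = path.replace("\\??\\", "")   # NT object-manager prefix some driver entries carry
    return m.group("start"), m.group("name"), path, has_metadata


def triage(lines):
    """Map service name -> {start, path, reasons}; entries with no reason are omitted."""
    findings = {}
    for line in lines:
        parsed = parse_service(line)
        if parsed is None:
            continue
        start, name, path, has_metadata = parsed
        reasons = []
        if HEX_NAME_RE.match(name):
            reasons.append("random-looking hex service name")
        if TEMP_DIR_RE.search(path):
            reasons.append("binary lives in a user Temp directory")
        if not has_metadata:
            reasons.append("no date/size read for the file ([?])")
        if reasons:
            findings[name] = {"start": start, "path": path, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LINES).items():
        print(f"{info['start']} {name:<10} {info['path']}")
        for reason in info["reasons"]:
            print(f"      - {reason}")
```

The heuristics are deliberately loose: some on-demand scanners drop their helper driver into Temp, and `[?]` appears for any file whose date and size could not be read, so a flagged entry is a starting point for checking the file's hash, signature and vendor, not a conclusion. Boot-start entries (S0/S1) deserve the earliest look because they load before most defensive software.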

Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 21:12
by Rudy
The log now looks clean.

Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 21:24
by Reka
Thank you, and have a nice rest of the evening.

Re: Sending out spam - ROOTKIT?

Posted: 13 Apr 2010 21:56
by Rudy
You're welcome!