ComboFix check

liam
Model visitor
Posts: 80
Registered: 02 Mar 2007 20:31
Location: SK, a short way from TN

ComboFix check

#1 Post by liam »

Please check my ComboFix log. I have a suspicion that something could be on here: the laptop boots slowly, and occasionally there are very long response times to the internet.

ComboFix 10-06-14.03 - ITjopo 15.06.2010 16:05:48.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1544 [GMT 2:00]
Running from: c:\documents and settings\ITjopo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-12 21:47 . 2010-06-12 21:47 -------- d-----w- c:\program files\Common Files\Skype
2010-06-12 00:31 . 2010-06-12 00:31 63488 ----a-w- c:\documents and settings\ITjopo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-12 00:31 . 2010-06-12 00:31 52224 ----a-w- c:\documents and settings\ITjopo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-11 08:57 . 2010-06-15 14:14 122568 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-07 19:39 . 2010-06-07 19:39 -------- d-----w- c:\program files\Ventrilo
2010-06-02 15:28 . 2010-06-02 15:28 -------- d-----w- c:\windows\Sun
2010-06-02 15:28 . 2010-06-02 15:28 61440 ----a-w- c:\documents and settings\ITjopo\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39949430-n\decora-sse.dll
2010-06-02 15:28 . 2010-06-02 15:28 503808 ----a-w- c:\documents and settings\ITjopo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-208fe746-n\msvcp71.dll
2010-06-02 15:28 . 2010-06-02 15:28 499712 ----a-w- c:\documents and settings\ITjopo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-208fe746-n\jmc.dll
2010-06-02 15:28 . 2010-06-02 15:28 348160 ----a-w- c:\documents and settings\ITjopo\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-208fe746-n\msvcr71.dll
2010-06-02 15:28 . 2010-06-02 15:28 12800 ----a-w- c:\documents and settings\ITjopo\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-39949430-n\decora-d3d.dll
2010-06-02 15:27 . 2010-06-02 15:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-20 13:38 . 2008-05-12 16:04 13480 ----a-w- c:\windows\system32\drivers\smiif32.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 13:59 . 2009-01-21 17:55 -------- d-----w- c:\program files\Crawler
2010-06-15 13:29 . 2008-10-28 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-06-12 21:48 . 2008-11-20 20:20 -------- d-----w- c:\documents and settings\ITjopo\Application Data\Skype
2010-06-12 21:17 . 2008-11-20 20:21 -------- d-----w- c:\documents and settings\ITjopo\Application Data\skypePM
2010-06-12 00:31 . 2009-04-07 09:20 117760 ----a-w- c:\documents and settings\ITjopo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-12 00:27 . 2008-12-02 21:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-11 08:31 . 2008-11-03 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 19:38 . 2008-12-31 12:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-05 17:39 . 2008-10-29 09:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 15:27 . 2008-10-28 04:11 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 15:26 . 2008-10-28 04:11 -------- d-----w- c:\program files\Java
2010-05-21 13:52 . 2008-11-14 20:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 13:40 . 2008-10-28 04:01 -------- d-----w- c:\program files\Lenovo
2010-05-04 17:20 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2006-04-30 06:55 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2008-11-14 20:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2008-11-14 20:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 15:56 . 2008-10-28 13:25 -------- d-----w- c:\program files\Spyware Terminator
2010-04-20 05:30 . 2006-04-30 06:55 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-18 22:48 . 2009-01-21 17:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-04-18 14:19 . 2010-04-18 14:19 -------- d-----w- c:\program files\Enigma Software Group
2010-03-24 18:33 . 2008-08-18 12:27 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-24 18:31 . 2009-02-06 13:23 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-24 18:23 . 2008-08-18 12:18 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-03-02 513384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-03-02 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-09-09 176128]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
"nwiz"="nwiz.exe" [2009-01-14 1630208]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2008-07-31 479232]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-10 2176512]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-03-02 1225032]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-03-02 433480]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-09-21 1392640]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-24 2145000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ITjopo\Start Menu\Programs\Startup\
logon.lnk - c:\siet\logon.bat [2008-10-28 506]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-27 50688]
Oznamovaź.lnk - c:\program files\Teamware\Office\twnoti32.exe [2008-12-2 264192]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-06-12 00:27 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 12:41 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Teamware\\Office\\twnoti32.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [24.2.2010 11:10 24304]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2008 13:34 717296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9.10.2009 13:10 20520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.8.2008 14:27 95872]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [20.5.2010 15:38 13480]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [7.4.2009 14:33 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22.12.2008 12:06 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22.12.2008 12:05 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.10.2008 15:25 142592]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [9.5.2008 6:50 46144]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [7.4.2009 14:29 1267016]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [24.2.2010 11:10 132456]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24.3.2010 20:31 810120]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [21.1.2009 19:38 206096]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [27.10.2008 23:47 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 14:47 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [30.3.2007 10:39 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [14.5.2008 17:25 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [9.5.2008 6:50 360448]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [7.4.2009 14:29 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [7.4.2009 14:32 257432]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [8.10.2005 12:00 22272]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13.9.2006 21:42 37312]
R3 VPPP;DrayTek Virtual PPP Adapter;c:\windows\system32\drivers\VPPP.sys [18.6.2008 10:09 32784]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [21.5.2009 20:48 44984]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [7.4.2009 14:33 33888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.4.2009 17:06 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [27.4.2009 16:56 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [27.4.2009 16:56 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [27.4.2009 16:56 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [27.4.2009 16:56 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [27.4.2009 16:56 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [27.4.2009 16:56 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [27.4.2009 16:56 115752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22.12.2008 12:06 12872]
S3 SMmonitor;TPSSM;c:\program files\TPSSM\client\monitor\SMmonitor.exe [18.11.2008 10:59 69632]
S3 Smport;Smport;c:\windows\system32\smport.sys [2.12.2008 21:08 2627]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-04-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-06-15 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-10-28 23:20]

2010-06-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lenovo.com/welcome/thinkpad
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\ITjopo\Application Data\Mozilla\Firefox\Profiles\kasyafpg.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.qr.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60049&qkw=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-15 16:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfy.sys >>UNKNOWN [0x8A5E0938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> atapi.sys @ 0xb9ddeb40
\Driver\iaStor -> iaStor.sys @ 0xb9d54d30
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) Wireless WiFi Link 4965AGN -> SendCompleteHandler -> NDIS.sys @ 0xb9c00bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9befa0d
SendHandler -> NDIS.sys @ 0xb9c03b40
user & kernel MBR OK
copy of MBR has been found in sector 8 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
@Denied: (Full) (Administrators)
"View"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,16,00,00,00,1d,00,00,00,24,06,00,00,c0,03,00,00,52,01,00,\
"FindFlags"=dword:0000000e
"LastKey"="Tento počítač\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer"

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites]
@Denied: (Full) (Administrators)
@Denied: (Full) (S-1-5-21-2201160869-596085660-500604444-1005)
"Order"=hex:08,00,00,00,02,00,00,00,e8,01,00,00,01,00,00,00,05,00,00,00,6e,00,
00,00,00,00,00,00,60,00,31,00,00,00,00,00,5c,39,f5,1d,10,00,4c,45,4e,4f,56,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2]
@Denied: (Full) (Administrators)
@Denied: (Full) (S-1-5-21-2201160869-596085660-500604444-1005)

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs]
"Order"=hex:08,00,00,00,02,00,00,00,fa,2b,00,00,01,00,00,00,54,00,00,00,9c,00,
00,00,00,00,00,00,8e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories]
"Order"=hex:08,00,00,00,02,00,00,00,10,0a,00,00,01,00,00,00,0f,00,00,00,f4,00,
00,00,00,00,00,00,e6,00,00,00,41,75,67,4d,02,00,00,00,02,00,00,00,6c,00,31,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\Communications]
"Order"=hex:08,00,00,00,02,00,00,00,62,04,00,00,01,00,00,00,06,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\Entertainment]
"Order"=hex:08,00,00,00,02,00,00,00,d2,01,00,00,01,00,00,00,03,00,00,00,9a,00,
00,00,00,00,00,00,8c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7a,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\Microsoft Interactive Training]
"Order"=hex:08,00,00,00,02,00,00,00,62,01,00,00,01,00,00,00,02,00,00,00,a6,00,
00,00,00,00,00,00,98,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,86,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Accessories\System Tools]
"Order"=hex:08,00,00,00,02,00,00,00,82,06,00,00,01,00,00,00,0a,00,00,00,88,00,
00,00,00,00,00,00,7a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,68,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Diskeeper Corporation]
"Order"=hex:08,00,00,00,02,00,00,00,24,01,00,00,01,00,00,00,02,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ESET]
"Order"=hex:08,00,00,00,02,00,00,00,92,00,00,00,01,00,00,00,01,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,31,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Games]
"Order"=hex:08,00,00,00,02,00,00,00,38,07,00,00,01,00,00,00,0b,00,00,00,8e,00,
00,00,00,00,00,00,80,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6e,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Integrated Camera]
"Order"=hex:08,00,00,00,02,00,00,00,88,00,00,00,01,00,00,00,01,00,00,00,7c,00,
00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Multimedia Center for Think Offerings]
"Order"=hex:08,00,00,00,02,00,00,00,44,04,00,00,01,00,00,00,08,00,00,00,5e,00,
00,00,00,00,00,00,50,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,3e,00,31,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Multimedia Center for Think Offerings\DLA]
"Order"=hex:08,00,00,00,02,00,00,00,04,01,00,00,01,00,00,00,02,00,00,00,7a,00,
00,00,00,00,00,00,6c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5a,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\NetWaiting]
"Order"=hex:08,00,00,00,02,00,00,00,8a,00,00,00,01,00,00,00,01,00,00,00,7e,00,
00,00,00,00,00,00,70,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5e,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PC-Doctor 5 for Windows]
"Order"=hex:08,00,00,00,02,00,00,00,a4,00,00,00,01,00,00,00,01,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Picasa2]
"Order"=hex:08,00,00,00,02,00,00,00,fe,00,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PowerQuest PartitionMagic 8.0]
"Order"=hex:08,00,00,00,02,00,00,00,ce,01,00,00,01,00,00,00,03,00,00,00,a2,00,
00,00,00,00,00,00,94,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,82,00,31,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PowerQuest PartitionMagic 8.0\PartitionMagic 8.0 Documentation]
"Order"=hex:08,00,00,00,02,00,00,00,52,01,00,00,01,00,00,00,02,00,00,00,aa,00,
00,00,00,00,00,00,9c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8a,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PowerQuest PartitionMagic 8.0\PartitionMagic 8.0 Tools]
"Order"=hex:08,00,00,00,02,00,00,00,24,03,00,00,01,00,00,00,06,00,00,00,98,00,
00,00,00,00,00,00,8a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SoundMAX]
"Order"=hex:08,00,00,00,02,00,00,00,fe,00,00,00,01,00,00,00,02,00,00,00,84,00,
00,00,00,00,00,00,76,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,64,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Startup]
"Order"=hex:08,00,00,00,02,00,00,00,50,02,00,00,01,00,00,00,04,00,00,00,9c,00,
00,00,00,00,00,00,8e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7c,00,32,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ThinkVantage]
"Order"=hex:08,00,00,00,02,00,00,00,8e,09,00,00,01,00,00,00,11,00,00,00,a0,00,
00,00,00,00,00,00,92,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,80,00,31,\

[HKEY_USERS\S-1-5-21-2201160869-596085660-500604444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ThinkVantage\ThinkVantage Fingerprint Software]
"Order"=hex:08,00,00,00,02,00,00,00,1a,02,00,00,01,00,00,00,04,00,00,00,86,00,
00,00,00,00,00,00,78,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,66,00,32,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="…"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\windows\system32\vrlogon.dll
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\WiFi\bin\LangResources\ENU\SsoGnENU.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSSK.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\Teamware\Office\TWEVTSRV.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
.
**************************************************************************
.
Completion time: 2010-06-15 16:43:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 14:43
ComboFix2.txt 2010-04-18 14:10

Pre-Run: 32 547 557 376 bytes free
Post-Run: 21 directories, 32 689 664 000 bytes free

- - End Of File - - A41541B4E1D226C21B63713CFB9F4631

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: combofix check

#2 Post by Rudy »

Run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

liam
Exemplary visitor
Posts: 80
Registered: 02 Mar 2007 20:31
Location: SK, not far from TN

Re: combofix check

#3 Post by liam »

I'm attaching the logs you asked for.

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
atapi.sys
iaStor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
WudfPf.sys
DozeHDD.sys
Ntfs.sys
NDIS.sys
Apsx86.sys
ApsHM86.sys
risdptsk.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5x32.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\atmeltpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\afw.sys
\SystemRoot\system32\drivers\afwcore.sys
\SystemRoot\system32\drivers\TDI.SYS
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\VPPP.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\DRIVERS\Tvti2c.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\tap0801.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\tcusb.sys
\SystemRoot\system32\DRIVERS\tvtumon.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\epfwtdir.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\TSMAPIP.SYS
\SystemRoot\System32\drivers\Tppwrif.sys
\SystemRoot\system32\DRIVERS\TPHKDRV.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\??\C:\WINDOWS\system32\drivers\SandBox.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\PQNTDrv.SYS
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\smiif32.sys
\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\drivers\ANC.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\eamon.sys
\SystemRoot\system32\DRIVERS\tvtfilter.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\s24trans.sys
\SystemRoot\system32\DRIVERS\PROCDD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\System32\drivers\pmemnt.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll


Process:

System Idle Process
System
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
D:\GAMES\Metin2_CZ\metin2client.bin
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\GAMES\Metin2_CZ\metin2client.bin
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\alg.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\ITjopo\Desktop\IceSword122en\IceSword122en\IceSword.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\explorer.exe
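As an added example (not part of this thread, and not something either poster ran), the script below does in code the first pass a reviewer makes by eye on listings like the two above: it buckets each IceSword kernel-module entry by where it was loaded from and each process by its image directory, so that the few entries outside the Windows system directories surface for manual review. The sample input is a handful of lines copied from the logs in this post; the bucket names, the trusted-root list and the function names are this example's own choices. A hit means "check this one by hand (vendor, file signature, install date)", not "this is malicious".

```python
"""First-pass triage of IceSword 'Kernel Module' and 'Process' listings.

Each entry is bucketed by where it was loaded from, so the reviewer can
read the small buckets (drivers and processes outside the Windows system
directories) first.  A hit means "look at this by hand", nothing more.
"""

# Constructed sample input: a few lines copied from the IceSword logs posted above.
KERNEL_MODULES = r"""
\WINDOWS\system32\ntkrnlpa.exe
ACPI.sys
pci.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\WINDOWS\system32\drivers\SandBox.sys
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
"""

PROCESSES = r"""
System Idle Process
System
C:\WINDOWS\system32\svchost.exe
D:\GAMES\Metin2_CZ\metin2client.bin
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\Documents and Settings\ITjopo\Desktop\IceSword122en\IceSword122en\IceSword.exe
C:\WINDOWS\explorer.exe
"""

# NT-style prefixes IceSword prints for drivers that live under the system root.
SYSTEM_MODULE_PREFIXES = ("\\systemroot\\system32\\", "\\windows\\system32\\")
# Win32 roots treated as "expected" for a user-mode process on this XP box
# (an assumption of this example; adjust for the machine being reviewed).
TRUSTED_PROCESS_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def classify_module(entry: str) -> str:
    """Return one of: boot, system, explicit-system32, explicit-other, other."""
    low = entry.lower()
    if "\\" not in low:
        # Bare file name: boot-start driver for which IceSword prints no path.
        return "boot"
    if low.startswith("\\??\\"):
        # Loaded from an ImagePath given as a full Win32 path (the \??\ prefix).
        # Normal for on-demand drivers of security tools, and also the shape a
        # dropped driver usually has, so these are the first ones to read.
        if low[4:].startswith("c:\\windows\\system32\\"):
            return "explicit-system32"
        return "explicit-other"
    if low.startswith(SYSTEM_MODULE_PREFIXES):
        return "system"
    return "other"


def classify_process(entry: str) -> str:
    """Return one of: kernel, trusted-root, review."""
    low = entry.lower()
    if "\\" not in low:
        # 'System' and 'System Idle Process' carry no image path.
        return "kernel"
    return "trusted-root" if low.startswith(TRUSTED_PROCESS_ROOTS) else "review"


def triage(kernel_text: str, process_text: str) -> dict:
    """Bucket every non-empty line of both listings by its classification."""
    report = {"modules": {}, "processes": {}}
    for line in kernel_text.splitlines():
        line = line.strip()
        if line:
            report["modules"].setdefault(classify_module(line), []).append(line)
    for line in process_text.splitlines():
        line = line.strip()
        if line:
            report["processes"].setdefault(classify_process(line), []).append(line)
    return report


def review_items(report: dict) -> list:
    """Entries worth a manual look: drivers outside system32, processes outside trusted roots."""
    mods = report["modules"]
    return (mods.get("explicit-other", []) + mods.get("other", [])
            + report["processes"].get("review", []))


if __name__ == "__main__":
    rep = triage(KERNEL_MODULES, PROCESSES)
    for section in ("modules", "processes"):
        for bucket, items in sorted(rep[section].items()):
            print(f"{section:10} {bucket:18} {len(items)}")
    print("review by hand:")
    for item in review_items(rep):
        print("   ", item)
```

Run over the complete listings in this post, the same rule leaves only the two SUPERAntiSpyware drivers, the ThinkVantage fingerprint helper driver, the Metin2 game client and IceSword itself in the review bucket; everything else sits under the system root or Program Files. That short list is what a reviewer then checks by hand, and the `\??\` drivers under system32 (sp_rsdrv2.sys, SandBox.sys, IBMBLDID.sys, pmemnt.sys) are worth a second glance too, since an explicit ImagePath is the only thing distinguishing them from a dropped driver with the same location.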

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: combofix check

#4 Post by Rudy »

I don't see anything dangerous, and you don't have a rootkit either. What did you install just before the problem appeared?

liam
Exemplary visitor
Posts: 80
Registered: 02 Mar 2007 20:31
Location: SK, not far from TN

Re: combofix check

#5 Post by liam »

That's just it, nothing. I'll try to clean it up and remove some things I don't need. Thanks for the help.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: combofix check

#6 Post by Rudy »

You can also try optimizing with XPManager: http://www.viry.cz/forum/viewtopic.php?f=46&t=17549 . You're welcome!
