VIRY.CZ

Ahoj,
nasel jsem tu nejake popisy boju se sirefefem, ale pokazde to probiha trochu jinak, tak bych vas chtel poprosit o pomoc. Avira mi hlasi Sirefef.BP.1 a nekdy taky Sirefef.A.28, Rootkit.gen2 a parkrat taky Crypt.xpack, kteremu jsem ted vypnul proces, tak se mi neozyva, ale jiste zase zacne. Kazdou minutu na me ted bafne Sirefef. Prikladam log z OTL (otl a extras v jednom packu), protoze tim se vzdy zacinalo. A nize vkladam hijackthis log.
Diky moc
Tom

Logfile of random's system information tool 1.09 (written by random/random)
Run by Krcalek at 2012-02-25 19:07:21
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 7 GB (5%) free of 146 GB
Total RAM: 2046 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:07:38, on 25.2.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\OETRN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Krcalek\Downloads\OTL.exe
C:\Windows\system32\conime.exe
C:\Users\Krcalek\Downloads\RSIT.exe
C:\Program Files\trend micro\Krcalek.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKCU\..\Run: [OEXPRESS] C:\Windows\OETRN.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Nezapomen] C:\Program Files\Nezapomen\nezapomen.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Krcalek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/l ... oader4.cab
O16 - DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} (CSViewer Control) - http://90.177.99.3/CSViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74EC124-15EE-44C3-B499-C434931C3EA9}: NameServer = 212.96.161.6,212.96.160.7
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14345 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423714611-289679160-126880394-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423714611-289679160-126880394-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Krcalek\AppData\Roaming\Mozilla\Firefox\Profiles\1eqhvjtb.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, m3ffxtbr@mywebsearch.com:1.2, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280, cs@dictionaries.addons.mozilla.org:1.0.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"
prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsear ... searchfor="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0]
"Description"=DivX OVS Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeploytk.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nprpjplug.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Krcalek\AppData\Roaming\Mozilla\Firefox\Profiles\1eqhvjtb.default\extensions\
cs@dictionaries.addons.mozilla.org
{20a82645-c095-46ed-80e3-08825760534b}

C:\Users\Krcalek\AppData\Roaming\Mozilla\Firefox\Profiles\1eqhvjtb.default\searchplugins\
mywebsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Windows\WebIE.dll [2008-01-16 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]
CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-22 796224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Windows\WebIE.dll [2008-01-16 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-03-05 172032]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
"TpShocks"=C:\Windows\system32\TpShocks.exe [2007-03-30 181808]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-05 419112]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-05 124200]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-12-22 2614848]
"LenovoOobeOffers"=c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [2006-12-29 28672]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-07-10 1282048]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-01-11 1230704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"=C:\Windows\OETRN.EXE [2008-01-16 26624]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Nezapomen"=C:\Program Files\Nezapomen\nezapomen.exe [2001-06-30 457216]
"Google Update"=C:\Users\Krcalek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 136176]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2009-03-06 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [2003-09-12 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-03-22 120368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe [2003-10-14 38984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-09 58416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2011-01-31 550360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-03-15 89600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.cvid"=iccvid.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-25 19:07:21 ----D---- C:\rsit
2012-02-25 18:54:41 ----A---- C:\COMMANDS.TXT
2012-02-25 17:03:02 ----ASH---- C:\Windows\system32\dds_log_trash.cmd
2012-02-16 23:10:59 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-16 23:10:59 ----A---- C:\Windows\system32\jscript.dll
2012-02-16 23:10:59 ----A---- C:\Windows\system32\iertutil.dll
2012-02-16 23:10:58 ----A---- C:\Windows\system32\wininet.dll
2012-02-16 23:10:58 ----A---- C:\Windows\system32\url.dll
2012-02-16 23:10:58 ----A---- C:\Windows\system32\jscript9.dll
2012-02-16 23:10:58 ----A---- C:\Windows\system32\ieui.dll
2012-02-16 23:10:57 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-16 23:10:56 ----A---- C:\Windows\system32\mshtml.dll
2012-02-16 23:10:53 ----A---- C:\Windows\system32\urlmon.dll
2012-02-16 23:10:53 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 14:39:04 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-16 14:39:03 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2012-02-25 19:07:38 ----D---- C:\Program Files\Trend Micro
2012-02-25 19:07:33 ----D---- C:\Windows\System32
2012-02-25 19:06:59 ----D---- C:\Windows\Prefetch
2012-02-25 18:01:05 ----D---- C:\Windows
2012-02-25 18:01:05 ----A---- C:\Windows\MAILTRAN.INI
2012-02-25 17:59:58 ----SHD---- C:\System Volume Information
2012-02-25 17:36:51 ----D---- C:\Windows\system32\drivers
2012-02-25 17:21:17 ----D---- C:\Windows\Temp
2012-02-25 17:16:23 ----A---- C:\Windows\system32\PROCDB.INI
2012-02-25 17:15:42 ----HD---- C:\SWSHARE
2012-02-25 17:15:19 ----A---- C:\Windows\system32\IPSCtrl.INI
2012-02-22 19:06:27 ----D---- C:\Users\Krcalek\AppData\Roaming\Skype
2012-02-20 19:41:02 ----D---- C:\Windows\system32\catroot2
2012-02-17 22:53:15 ----D---- C:\Program Files\Mozilla Firefox
2012-02-17 09:24:04 ----D---- C:\Windows\winsxs
2012-02-17 09:13:50 ----D---- C:\Windows\Microsoft.NET
2012-02-17 09:13:49 ----RSD---- C:\Windows\assembly
2012-02-17 08:55:59 ----D---- C:\Windows\system32\migration
2012-02-17 08:55:59 ----D---- C:\Program Files\Internet Explorer
2012-02-17 08:55:52 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 23:12:46 ----A---- C:\Windows\system32\mrt.exe
2012-02-16 23:11:31 ----D---- C:\Windows\system32\catroot
2012-02-16 23:10:36 ----SHD---- C:\Windows\Installer
2012-02-16 23:09:03 ----D---- C:\Program Files\Windows Mail
2012-02-16 23:05:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-16 23:05:43 ----D---- C:\Windows\inf
2012-02-03 21:16:46 ----A---- C:\Windows\NeroDigital.ini
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2007-03-03 100656]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-01-16 682232]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2007-03-03 19760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-03-17 19584]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2007-06-17 12080]
R2 5689;5689; \??\C:\Users\Krcalek\AppData\Local\Temp\5689.sys [2012-02-25 143360]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PROCDD;IPS Helper Driver; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 11152]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-07-16 5120]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-10-28 33536]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-10-04 348160]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-03-04 146432]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-02-27 224128]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 2219520]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-06-01 30144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-03-15 40848]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-19 45624]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2007-07-16 41984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 91432]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 206120]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-05 69632]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 IPSSVC;IPS Core Service; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2007-03-03 37680]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-22 722496]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-09 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-01-09 45056]
S2 A88xTuner;Procexp90; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 aamqdispatcher;Invoker; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 acrotray;Pfmodnt; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 alcxsens;LC7981; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 aniwzcsdservice;ADSMService; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 arcltsrv;Lxrsii1s; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ARSVC;Se45mdfl; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 aspi32;Odclientservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 aswupdsv;Outpostfirewall; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ati;Ssoftservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 atixsaudio;Akshasp; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 autostore;Timounter; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 AVerTV;Xponaut_WBD; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 AYDrvNT_ALYAC;Enxpsvr; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 BCMTPM;Avg7rsw; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 BRGSp50;RR2Vbi; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 catchme;Nfsds; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CcmExec;Fasttx2k; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 cdvp;EagleNT; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CiscoVpnInstallService;NOWMEMDF; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 cisvc;Razerusb; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 COMMONFX.DLL;Wtwservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CoolerXPDriver;S24eventmonitor; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 coste;KMWDFilter; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
S2 crystalaps;SetupNT; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CTHWIUT.DLL;DCamUSBDXGTech; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CTMSHD;Npkcrypt; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 cwcpsvc20;Pxfhmdfl; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 db2jds;Btfirst; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 digisptiservice;S117obex; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 DirectUpdate;S716mdfl; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 DivisCTP;Mclogmanagerservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 DSDrv4;Symsnap; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 entertainment;Sysaidagent; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 erecoveryservice;Noipducservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 filechecker;Nsctop; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 FTSER2K;I81x; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 GameConsoleService;Sfilter; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 GMSIPCI;EMSCR; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 GT890x;IASJet; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 GTSCSER;WinDriver6; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 hidgame;Pmsveh; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 https-admserv61;Subsonic; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 InCDsrvR;AppnBase; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ini910u;Zebrsce; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 intelroam;Motoswitchservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 InterBaseServer;Sit_mdm; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 konfig;Epstnt01; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 L1e;Ftpds; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 licenseservice;S116obex; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 LVPrcMon;Cavasm; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 lvsrvlauncher;Se2Bnd5; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 matlabserver;Sf; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 mcshield;Yukonwxp; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 minilog;UsbserFilt; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 mpe;Elbycdfl; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 mssqlserverolapservice;Pavfnsvr; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 nod32krn;Pensup; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 orbpvr;Ino_fltr; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ownershipprotocol;Netdetect; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 p1131vid;Lbtserv; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 PD0620VID;Video3D; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 PGPsdkDriver;Retroexplauncher; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 phnxvcdservice;Wintab32; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 pivot;Aic116x; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 plsremotesvc;NWHOST; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 qmofiltr;Vvoice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 qserver;PSDFilter; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 redbook;Es1371; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 regspy;Sbiesvc; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 rimusb;Ati; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 RIOUNIV;Cicsclient; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 rnadiagnosticsservice;Enecbpth; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 rollbackclientservice;Db2governor; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 rtm;Astcc; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 s217bus;L1e; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 s217mgmt;S3twistr; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 s616obex;Tm_cfw; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 scsiaccess;Xcomm; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SE2Bobex;Roxliveshare; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SE2Emdm;Belmonitorservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 server;Nabtsfec; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 simbad;NETw3x32; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SMPLSCSI;MxlW2k; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 snapman;Thkeys; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SPCtl;Cq_mem; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S2 SQTECH905C;Qcmerced; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SrvcTPIOMngr;LMouKE; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 StarOpen;WmFilter; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 SWUMX51;Hcmon; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 symantecantibotdriver;NICSer_WPC300N; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 syntp;Ahcix86s; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 Tb2RCAssist;Bdfdll; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 tdrpman174;Qbcfmonitorservice; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 telnet;Senfilt; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 tfsnboio;Nisum; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 tfsnudf;DN2AKNET; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 tng-dtmg;Zfdwm; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 tosrfbd;Pxfhmdm; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-15 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []

-----------------EOF-----------------

Zdravím!
Porprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Ahoj, díly za rychlou reakci. Nemohl jsem to spustit kvuli avire, tak jsem ji odinstaloval, restartoval a porad mi to hazi warning na nainstalovany AntiVirus Desktop. Nic jineho podle me nainstalovaneho nemam, nic jsem nenasel. No tak jsem to dal spustit i pres to a pochybuju, ze se to spustilo. Nejdriv okno bledemodre a to pak zmizi a nic se nedeje. Myslel jsem ze to treba bezi skryte ale ani po 30 minutach nic.

Zkuste to v nouz. režimu. Pokud máte Aviru odinstalovanou, hlášku ignorujte.

Tak jsem nahodil nouzový režim, program se dostal dál, modré okno nespadlo a objevila se hláška, že to bude trvat. No ale trvá to už víc jak půl hodiny a nevypadá to, že by to nějak jelo. Je tam jen ta hláška, že to bude trvat ale pod tím nic nepřibývá.

Ani OTL nám celkem nic neprozradil. Zkuste sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

Tak to našlo docela dost virů, ale nechce se mi věřit, že by kaspersk byl tak dobrej a všeho se opravdu zbavil.

Status: Disinfected (events: 4)
26.2.2012 0:22:09 Disinfected virus Virus.Win32.ZAccess.c c:\Windows\System32\drivers\tdx.sys High
26.2.2012 1:09:51 Disinfected virus Virus.Win32.ZAccess.c c:\Windows\System32\drivers\netbt.sys High
26.2.2012 1:19:22 Disinfected Trojan program Exploit.Java.CVE-2011-3544.ik C:\Documents and Settings\Krcalek\AppData\Local\Temp\jar_cache1606194983303951265.tmp/fuYVxbRoL.class High
26.2.2012 1:19:22 Disinfected Trojan program Exploit.Java.CVE-2011-3544.ik C:\Documents and Settings\Krcalek\AppData\Local\Temp\jar_cache1606194983303951265.tmp High
Status: Deleted (events: 6)
26.2.2012 1:17:48 Deleted Trojan program Rootkit.Win32.PMax.x C:\Documents and Settings\Krcalek\AppData\Local\22766cda\U\800000c0.@ High
26.2.2012 1:17:50 Deleted Trojan program Backdoor.Win32.ZAccess.aqo C:\Documents and Settings\Krcalek\AppData\Local\22766cda\U\00000001.@ High
26.2.2012 1:17:49 Deleted Trojan program Trojan-Downloader.Win32.Agent.gyal C:\Documents and Settings\Krcalek\AppData\Local\22766cda\U\000000cf.@ High
26.2.2012 1:17:53 Deleted Trojan program Trojan.Win32.Zapchast.aayn C:\Documents and Settings\Krcalek\AppData\Local\22766cda\U\800000cb.@ High
26.2.2012 1:17:55 Deleted Trojan program Backdoor.Win32.ZAccess.bwd C:\Documents and Settings\Krcalek\AppData\Local\22766cda\U\800000cf.@ High
26.2.2012 3:29:55 Deleted virus Virus.Win32.ZAccess.c C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys High
Status: Quarantined (events: 2)
26.2.2012 1:26:25 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Krcalek\AppData\Local\Temp\725A.tmp High
26.2.2012 3:13:15 Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Windows\Temp\_ex-08.exe High

A také všechny smazal. Kaspersky patří k světové špičce. Teď byste měl mít čisto.

Díky moc Rudy za pomoc, určitě se počítači ulehčilo. Ten sirefef tam ale asi ještě je, napsal mi Naughty že ví jak na to a pomůže mi s ním. Díky moc!

Nemáte zač!

Klidně, tak dalece nevím, jak je na tom AVP s aktualizacemi.