
Thread: Click.GiftLoad :-(

  1. #1
    Junior Member
    Join Date: May 2011
    Location: Slovakia
    Posts: 16

    Click.GiftLoad :-(

    Hi,
    unfortunately I also found this malware in my PC and cannot get rid of it. Thank you for your help in advance.

    I've already backed up the registry.
    I've only tried to remove it with the help of AdAware and Spybot.
    Symptoms:
    - svchost running crazy using 200 000 kb
    - firefox redirects to different sites
    - sometimes limited connectivity
    - and the last one which happened a few minutes ago - I couldn't log in to Windows using my password. I had to smile to Lenovo Veriface in order to log in.

    Here is the log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Peto at 21:37:51,40 on p* 13.05.2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.476 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\QSTART.SYS\config\DVMExportService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\BisonC07\BisonM07.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Lenovo\Energy Management\utility.exe
    C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Documents and Settings\Peto\Plocha\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.sk/
    uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mWinlogon: Taskman=c:\documents and settings\peto\ctfmon.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BisonMnt] c:\windows\bisonc07\BisonM07.exe
    mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
    mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
    mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Odeslat do zařízení &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: Odeslat do zařízení Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: autobazar.eu
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: PicNotify - PicNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\peto\dataap~1\mozilla\firefox\profiles\uwaa8407.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - 192.168.1.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\peto\local settings\data aplikacă*\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-3-11 165264]
    R1 MpKsl802fbf1e;MpKsl802fbf1e;c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\MpKsl802fbf1e.sys [2011-5-13 28752]
    R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-3-7 51072]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-3-26 315392]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-31 88176]
    R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-28 430080]
    R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-28 48192]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-20 9472]
    R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
    S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\mpksl70f9fc5b.sys --> c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\MpKsl70f9fc5b.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-28 1684736]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-28 165888]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-28 81192]
    .
    =============== Created Last 30 ================
    .
    2011-05-13 19:33:03 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\MpKsl802fbf1e.sys
    2011-05-13 19:27:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-11 11:25:47 -------- d-----w- c:\windows\Snapshot
    2011-05-09 18:33:57 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\mpengine.dll
    2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-29 18:50:15 -------- d-----w- c:\program files\Veetle
    .
    ==================== Find3M ====================
    .
    2011-05-13 19:27:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-07 18:51:15 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
    2011-03-07 18:51:15 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
    2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 21:40:52,78 ===============

    Hi,
    the problem is getting worse I think. Every day I remove up to 5 Trojans through nod32 online scanner (my MS Security Essentials doesn't detect anything) and 20 malware softs through AdAware.
    Despite that, Windows doesn't launch properly, Firefox barely moves and redirects continuously. Here is a fresh DDS log. Hopefully you'll help me to get rid of it. Thanks

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Peto at 17:58:13,95 on po 16.05.2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.74 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\QSTART.SYS\config\DVMExportService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\BisonC07\BisonM07.exe
    C:\Program Files\Lenovo\Energy Management\utility.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
    C:\Documents and Settings\Peto\Plocha\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.sk/
    uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mWinlogon: Taskman=c:\documents and settings\peto\ctfmon.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BisonMnt] c:\windows\bisonc07\BisonM07.exe
    mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
    mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
    mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Odeslat do zařízení &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: Odeslat do zařízení Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: autobazar.eu
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: PicNotify - PicNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\peto\dataap~1\mozilla\firefox\profiles\uwaa8407.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - 192.168.1.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\peto\local settings\data aplikacă*\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-3-11 165264]
    R1 MpKsl16239681;MpKsl16239681;c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\MpKsl16239681.sys [2011-5-16 28752]
    R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-3-7 51072]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-3-26 315392]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-31 88176]
    R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-28 430080]
    R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-28 48192]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-20 9472]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
    R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
    S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\mpksl70f9fc5b.sys --> c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\MpKsl70f9fc5b.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-28 1684736]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-28 165888]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-28 81192]
    .
    =============== Created Last 30 ================
    .
    2011-05-16 12:38:38 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\MpKsl16239681.sys
    2011-05-16 12:38:09 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\mpengine.dll
    2011-05-14 17:26:48 -------- d-----w- c:\program files\ESET
    2011-05-13 19:27:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-11 11:25:47 -------- d-----w- c:\windows\Snapshot
    2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-29 18:50:15 -------- d-----w- c:\program files\Veetle
    .
    ==================== Find3M ====================
    .
    2011-05-13 19:27:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-07 18:51:15 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
    2011-03-07 18:51:15 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
    2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 18:01:41,34 ===============
    Last edited by tashi; 2011-05-16 at 20:01. Reason: Merged two posts, as per forum FAQ helpers look for a zero response. ;-)

  2. #2
    Emeritus-Security Expert
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Sorry for the delay but a bit of a mix-up with your posts. You need to reply to this thread only and please do not start any new topics.


    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).







    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date: May 2011
    Location: Slovakia
    Posts: 16

    Hi Ken 545,
    Thank you for your time.

    GooredFix downloaded, run and log is below (hopefully I did it right because it took only like 3 seconds to produce that log with Firefox closed).

    Malwarebytes also downloaded, installed, updated but it didn't find anything, log attached.

    Quick update about situation here. In the morning, I ran Spybot but for the first time it didn't find ANYTHING, also nod32 online scanner didn't recognize any Trojans. AdAware though, found the usual 20 tracking cookies, like every day. Running all of them was necessary, otherwise my netbook wouldn't even move, since svchost still utilizes lots of RAM and sometimes uses 98 percent of CPU. Firefox still redirects and Windows Update doesn't work. Seems like infection got deeper :-/

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 23:19 on 18/05/2011 (Peto)
    Firefox version 4.0.1 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [10:05 10/05/2011]
    {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [09:04 01/04/2010]
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [13:32 23/04/2010]
    {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [06:23 09/08/2010]
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [20:09 05/11/2010]
    {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [19:27 13/05/2011]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:36 27/01/2010]
    "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:17 31/01/2010]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:27 13/05/2011]

    -=E.O.F=-





    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6612

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    18.5.2011 23:31:39
    mbam-log-2011-05-18 (23-31-39).txt

    Scan type: Quick scan
    Objects scanned: 153623
    Time elapsed: 9 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    How is Firefox behaving now, still redirects?



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    Default

    Hi again,

    I visited sites that usually got redirected (Wikipedia and YouTube) and they seem to run clean and neat :-) The entire PC (especially when booting and shutting down), as well as Firefox, seems faster than before (I might be only paranoid).

    Combofix log below:

    P.S. I will probably carry out your next advice in the morning since it is after midnight already.

    Thank you


    ComboFix 11-05-17.03 - Peto 19.05.2011 0:29.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.476 [GMT 2:00]
    Spuštěný z: c:\documents and settings\Peto\Plocha\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Soubory vytvořené od 2011-04-18 do 2011-05-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 22:19 . 2011-05-18 22:19 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\MpKsl1165510f.sys
    2011-05-18 22:19 . 2011-04-18 07:15 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\mpengine.dll
    2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\Peto\Data aplikací\Malwarebytes
    2011-05-18 21:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
    2011-05-18 21:21 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2011-05-17 14:04 . 2011-05-17 14:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-14 18:31 . 2011-05-14 18:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Adobe
    2011-05-14 17:26 . 2011-05-14 17:26 -------- d-----w- c:\program files\ESET
    2011-05-13 20:08 . 2011-05-13 20:08 -------- d-----w- c:\program files\ERUNT
    2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Common Files\Java
    2011-05-13 19:27 . 2011-05-13 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Java
    2011-05-11 11:25 . 2011-05-11 11:25 -------- d-----w- c:\windows\Snapshot
    2011-05-02 19:16 . 2011-05-02 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-02 19:11 . 2011-05-02 19:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-05-01 16:26 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Thunderbird
    2011-05-01 16:26 . 2011-05-01 16:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
    2011-04-29 18:50 . 2011-05-02 19:15 -------- d-----w- c:\program files\Veetle
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-13 19:27 . 2010-04-23 13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-18 10:23 . 2010-10-21 19:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-04-18 07:15 . 2010-01-28 11:43 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-03-07 18:51 . 2011-03-07 18:51 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
    2011-03-07 18:51 . 2011-03-07 18:51 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
    2011-03-07 18:51 . 2011-03-07 18:51 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
    2011-03-07 05:33 . 2008-09-01 10:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:08 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-14 16:26 . 2011-05-10 10:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @="{771C7324-DA80-49D3-8017-753B0AF60951}"
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2009-12-19 23:00 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
    "VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-12-19 323584]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-01-04 4462464]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-26 1277952]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
    2009-12-19 23:00 1167360 ----a-w- c:\windows\system32\PicNotify.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\documents and settings\Peto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ICQ6.5\\ICQ.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Kalkulacky\\DR\\Deutscher Ring Calculator SK.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Peto\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2010 9:46 691696]
    R1 MpKsl1165510f;MpKsl1165510f;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\MpKsl1165510f.sys [19.5.2011 0:19 28752]
    R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.3.2011 20:51 51072]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [26.3.2009 10:20 315392]
    R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [28.9.2009 3:09 430080]
    R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [28.9.2009 3:09 48192]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [20.12.2009 1:08 9472]
    S1 MpKsl16239681;MpKsl16239681;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys [?]
    S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys [?]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [31.1.2010 23:17 88176]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.9.2009 3:03 1684736]
    S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 9:58 136176]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 2146496]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15232]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.9.2009 3:04 165888]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [28.9.2009 3:09 81192]
    .
    --- Ostatní služby/ovladače v paměti ---
    .
    *NewlyCreated* - MPKSL1165510F
    .
    Obsah adresáře 'Naplánované úlohy'
    .
    2011-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
    .
    2011-05-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
    .
    .
    ------- Doplňkový sken -------
    .
    uStart Page = hxxp://www.google.sk/
    uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Odeslat do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Odeslat do zařízení Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: autobazar.eu
    FF - ProfilePath - c:\documents and settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.http - 192.168.1.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-19 00:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    skenování skrytých procesů ...
    .
    skenování skrytých položek 'Po spuštění' ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????P??????????????????????????????????????????|???x????????????v?|????????x???????????|????????x?|????? Q?????|???$??????|????????|???8????X?w???
    .
    skenování skrytých souborů ...
    .
    sken byl úspešně dokončen
    skryté soubory: 0
    .
    **************************************************************************
    .
    --------------------- Knihovny navázané na běžící procesy ---------------------
    .
    - - - - - - - > 'winlogon.exe'(892)
    c:\windows\system32\PicNotify.dll
    c:\windows\system32\FaceVerify.dll
    c:\windows\system32\MainOp.dll
    c:\windows\system32\VideoOp.dll
    c:\windows\system32\Image.dll
    c:\windows\system32\Momo.dll
    c:\windows\system32\Apblend.dll
    c:\windows\system32\SetDev.dll
    c:\windows\system32\FunFrm.dll
    c:\windows\system32\facev.dll
    .
    Celkový čas: 2011-05-19 00:50:27
    ComboFix-quarantined-files.txt 2011-05-18 22:50
    .
    Před spuštěním: Volných bajtů: 88*919*552*000
    Po spuštění: Volných bajtů: 89*112*014*848
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
    [Boot Loader]
    Timeout=2
    Default=c:\$win_nt$.~bt\BOOTSECT.DAT
    [Operating Systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"
    .
    - - End Of File - - E6C626229B2E1FFB418DD73586B7C5D2

  6. #6
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    Default

    Right as I posted the reply, a new Firefox window opened with 6 tabs full of advertisements.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    BisonM07.exe <-- What can you tell me about this program, is it something you installed and use?


    Download aswMBR.exe (511KB) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  8. #8
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    Default

    Hi, I'm back,

    BisonM07 - I can only tell you what Google says: "one of the most infamous and toughest computer error which is closely tied with BisonM07.exe file. BisonM07.exe file is one of an important Dynamic-link library file playing a crucial role in the Microsoft Windows"
    - in other words, it is not something I installed or intend to use. On the other hand, I am almost sure it has been there since I bought the PC.

    Situation update: winupdate not working, computer runs much faster, Firefox redirects. After rebooting, svchost uses minimum memory, but as I start Firefox it starts consuming more, eventually reaching 260 000 kb after a few hours. And one more thing, I am not sure if it is connected to my problem, but it did not happen before: when I start Firefox, nothing happens. The firefox process pops up in Task Manager using like 8000 kb, but that's all. I gotta click 2-5 times to really open it and then kill the other firefox processes. And it sometimes happens to explorer as well (not Internet Explorer) on start-up of the PC, so I have to kill explorer and start a new task in order to start the PC.

    Now back to logs:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-19 09:34:30
    -----------------------------
    09:34:30.578 OS Version: Windows 5.1.2600 Service Pack 3
    09:34:30.578 Number of processors: 2 586 0x1C02
    09:34:30.578 ComputerName: LENOVO-PV UserName: Peto
    09:34:32.437 Initialize success
    09:35:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    09:35:38.296 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
    09:35:38.296 Disk 0 MBR read error 0
    09:35:38.296 Disk 0 MBR scan
    09:35:38.296 Disk 0 unknown MBR code
    09:35:38.312 MBR BIOS signature not found 0
    09:35:38.312 Disk 0 scanning sectors +312581808
    09:35:38.328 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:35:44.343 Service scanning
    09:35:45.953 Disk 0 trace - called modules:
    09:35:45.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865524f0]<<
    09:35:45.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f27030]
    09:35:45.968 3 CLASSPNP.SYS[f78bdfd7] -> nt!IofCallDriver -> \Device\00000075[0x86eeda28]
    09:35:45.984 5 ACPI.sys[f7729620] -> nt!IofCallDriver -> [0x86f28028]
    09:35:46.000 \Driver\iaStor[0x86f48290] -> IRP_MJ_CREATE -> 0x865524f0
    09:35:46.015 Scan finished successfully
    09:36:44.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Peto\Plocha\MBR.dat"
    09:36:44.593 The log file has been saved successfully to "C:\Documents and Settings\Peto\Plocha\aswMBR.txt"




    OTL logfile created on: 19.5.2011 9:38:30 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

    1*014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 43,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 105,10 Gb Total Space | 83,01 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
    Drive D: | 29,19 Gb Total Space | 2,55 Gb Free Space | 8,73% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
    PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
    PRC - C:\WINDOWS\BisonC07\BisonM07.exe ()
    PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
    PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)


    ========== Win32 Services (SafeList) ==========

    SRV - (WLTRYSVC) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
    SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKsl5fef053f) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2F4F7EF3-A454-434F-BB15-71F1D9F1A68C}\MpKsl5fef053f.sys (Microsoft Corporation)
    DRV - (Angelnt) -- C:\WINDOWS\System32\Drivers\ANGELNT.SYS (Identcode Ltd.)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
    DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
    DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
    DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
    DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com

    IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
    IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: sk@dictionaries.addons.mozilla.org:2.03.2
    FF - prefs.js..network.proxy.http: "192.168.1.1"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.18 14:50:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 12:05:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 11:37:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.11 11:47:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions
    [2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011.05.02 21:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions
    [2010.10.09 11:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011.01.12 21:47:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\de-DE@dictionaries.addons.mozilla.org
    [2011.02.22 21:19:06 | 000,000,000 | ---D | M] (SlovnĂ*ky slovenskĂ©ho pravopisu) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\sk@dictionaries.addons.mozilla.org
    [2010.10.09 11:15:54 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\youtube2mp3@mondayx.de
    [2011.05.13 21:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010.04.23 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.08.09 08:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010.11.05 22:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011.05.13 21:27:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) --
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACÍ\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACÍ\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\SK@DICTIONARIES.ADDONS.MOZILLA.ORG
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACÍ\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
    [2011.05.13 21:27:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011.05.18 14:50:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011.05.13 21:27:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011.05.12 10:09:40 | 000,434,210 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 im.adtech.de
    O1 - Hosts: 127.0.0.1 adserver.adtech.de
    O1 - Hosts: 127.0.0.1 adtech.de
    O1 - Hosts: 127.0.0.1 ar.atwola.com
    O1 - Hosts: 127.0.0.1 atwola.com
    O1 - Hosts: 127.0.0.1 adserver.71i.de
    O1 - Hosts: 127.0.0.1 adicqserver.71i.de
    O1 - Hosts: 127.0.0.1 71i.de
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 14947 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O15 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..Trusted Domains: autobazar.eu ([]* in Důvěryhodné servery)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1264672677421 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos...ineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
    O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008.09.01 12:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.05.19 09:33:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
    [2011.05.19 09:30:01 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Peto\Plocha\aswMBR.exe
    [2011.05.19 00:26:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011.05.19 00:22:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011.05.19 00:22:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011.05.19 00:22:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011.05.19 00:22:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011.05.19 00:16:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011.05.18 23:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Data aplikací\Malwarebytes
    [2011.05.18 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
    [2011.05.18 23:21:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011.05.18 23:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
    [2011.05.18 23:21:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011.05.18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2011.05.18 23:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\GooredFix Backups
    [2011.05.18 23:17:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peto\Plocha\mbam-setup-1.50.1.1100.exe
    [2011.05.18 23:16:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
    [2011.05.17 16:04:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011.05.14 20:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
    [2011.05.14 19:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011.05.13 22:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011.05.13 22:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ERUNT
    [2011.05.13 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011.05.13 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011.05.13 21:27:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011.05.13 21:27:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011.05.13 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011.05.13 19:40:34 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Peto\Plocha\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [2011.05.13 18:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\gmer
    [2011.05.13 13:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\intsall_files
    [2011.05.13 13:04:24 | 002,074,384 | ---- | C] (Hewlett-Packard ) -- C:\Documents and Settings\Peto\Plocha\HPTool.exe
    [2011.05.12 23:54:44 | 000,471,688 | ---- | C] (Lenovo Group Limited ) -- C:\Documents and Settings\Peto\Plocha\6iim10ww.exe
    [2011.05.11 13:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snapshot
    [2011.05.10 11:42:45 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Peto\Plocha\Firefox Setup 4.0.1.exe
    [2011.05.01 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Thunderbird
    [2011.04.30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Sun
    [2011.04.30 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
    [2011.04.30 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
    [2011.04.29 20:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
    [2011.04.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP33-50
    [2011.04.20 10:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP16-32
    [2011.04.19 19:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP1-15
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011.05.19 09:36:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
    [2011.05.19 09:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
    [2011.05.19 09:32:36 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2011.05.19 09:30:09 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Peto\Plocha\aswMBR.exe
    [2011.05.19 09:27:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011.05.19 09:22:35 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
    [2011.05.19 09:22:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011.05.19 09:22:00 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
    [2011.05.19 00:26:54 | 000,000,390 | RHS- | M] () -- C:\boot.ini
    [2011.05.19 00:21:24 | 004,351,251 | R--- | M] () -- C:\Documents and Settings\Peto\Plocha\ComboFix.exe
    [2011.05.18 23:21:28 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
    [2011.05.18 23:18:03 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peto\Plocha\mbam-setup-1.50.1.1100.exe
    [2011.05.18 23:16:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
    [2011.05.18 22:27:08 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.05.18 13:14:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011.05.18 13:03:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
    [2011.05.18 00:28:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011.05.18 00:28:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011.05.17 16:04:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011.05.17 12:15:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
    [2011.05.16 20:22:14 | 000,029,151 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
    [2011.05.16 20:21:24 | 000,030,420 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
    [2011.05.14 09:55:34 | 000,434,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011.05.14 09:55:34 | 000,431,420 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
    [2011.05.14 09:55:34 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
    [2011.05.14 09:55:34 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011.05.13 22:10:19 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Attach.zip
    [2011.05.13 22:08:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
    [2011.05.13 21:27:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011.05.13 21:27:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011.05.13 21:27:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011.05.13 19:40:45 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Peto\Plocha\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [2011.05.13 18:23:36 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\dds.scr
    [2011.05.13 13:16:16 | 000,074,006 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\intsall.htm
    [2011.05.13 13:13:45 | 003,402,105 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\WinSetupFromUSB_0-2-2.exe
    [2011.05.13 13:04:29 | 002,074,384 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Peto\Plocha\HPTool.exe
    [2011.05.12 23:54:57 | 000,471,688 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\Peto\Plocha\6iim10ww.exe
    [2011.05.12 10:09:40 | 000,434,210 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011.05.10 14:50:47 | 002,631,789 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
    [2011.05.10 12:10:45 | 000,000,273 | ---- | M] () -- C:\Boot.bak
    [2011.05.10 11:43:05 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Peto\Plocha\Firefox Setup 4.0.1.exe
    [2011.05.09 07:40:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011.05.02 22:08:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011.05.02 21:43:29 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-100940.backup
    [2011.05.01 20:53:00 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
    [2011.05.01 20:52:44 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
    [2011.05.01 11:08:16 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110502-214329.backup
    [2011.04.25 21:48:12 | 000,117,693 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011.05.19 09:36:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
    [2011.05.19 00:26:49 | 000,261,312 | RHS- | C] () -- C:\cmldr
    [2011.05.19 00:22:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011.05.19 00:22:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011.05.19 00:22:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011.05.19 00:22:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011.05.19 00:22:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011.05.18 23:21:28 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
    [2011.05.16 20:22:14 | 000,029,151 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
    [2011.05.16 20:21:24 | 000,030,420 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
    [2011.05.13 22:10:19 | 000,003,849 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Attach.zip
    [2011.05.13 22:08:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
    [2011.05.13 19:54:38 | 004,351,251 | R--- | C] () -- C:\Documents and Settings\Peto\Plocha\ComboFix.exe
    [2011.05.13 18:23:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\dds.scr
    [2011.05.13 13:16:12 | 000,074,006 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\intsall.htm
    [2011.05.13 13:12:34 | 003,402,105 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\WinSetupFromUSB_0-2-2.exe
    [2011.05.10 14:47:13 | 002,631,789 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
    [2011.05.09 22:09:34 | 000,000,273 | ---- | C] () -- C:\Boot.bak
    [2011.05.09 22:09:33 | 000,467,439 | R--- | C] () -- C:\txtsetup.sif
    [2011.05.09 22:09:33 | 000,261,328 | R--- | C] () -- C:\old_$LDR$
    [2011.05.02 22:20:13 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
    [2011.05.01 20:52:57 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
    [2011.05.01 20:52:43 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
    [2011.05.01 10:52:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011.05.01 10:52:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011.04.25 21:48:12 | 000,117,693 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
    [2011.03.07 20:51:15 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\ANGELDOS.SYS
    [2010.10.21 21:07:00 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010.10.10 20:10:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010.02.01 15:18:28 | 000,026,112 | R--- | C] () -- C:\WINDOWS\LgUninst.exe
    [2010.01.31 21:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010.01.28 16:35:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010.01.28 15:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010.01.27 23:53:34 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.12.20 01:14:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009.12.20 01:00:59 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
    [2009.12.20 01:00:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
    [2009.12.20 01:00:57 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
    [2009.12.20 01:00:57 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
    [2009.12.20 01:00:57 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
    [2009.12.20 01:00:57 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
    [2009.12.20 01:00:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
    [2009.12.20 01:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
    [2009.12.20 01:00:56 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
    [2009.12.20 01:00:56 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
    [2009.12.20 01:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
    [2009.12.20 01:00:54 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
    [2009.12.20 01:00:54 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
    [2009.12.20 01:00:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
    [2009.12.20 01:00:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
    [2009.12.20 01:00:52 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
    [2009.12.20 00:58:22 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
    [2009.09.28 04:03:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2009.09.28 03:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2009.01.16 18:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2008.09.01 14:07:47 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008.09.01 14:06:25 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008.09.01 12:20:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008.09.01 12:14:26 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008.07.22 04:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008.04.14 14:00:00 | 000,434,452 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008.04.14 14:00:00 | 000,431,420 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
    [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
    [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008.04.14 14:00:00 | 000,079,708 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
    [2008.04.14 14:00:00 | 000,069,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
    [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002.11.06 12:16:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\angel32.dll
    [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001.10.10 09:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001.10.10 09:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001.09.13 20:59:12 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\mejlovani.dll
    [1999.02.11 15:34:14 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Kernel.dll

    < End of report >

  9. #9
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    OTL Extras logfile created on: 19.5.2011 9:38:30 - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

    1 014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 43,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 105,10 Gb Total Space | 83,01 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
    Drive D: | 29,19 Gb Total Space | 2,55 Gb Free Space | 8,73% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Kalkulacky\DR\Deutscher Ring Calculator SK.exe" = C:\Program Files\Kalkulacky\DR\Deutscher Ring Calculator SK.exe:*:Enabled:Deutscher Ring Calculator SK -- ()
    "C:\Documents and Settings\Peto\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Peto\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
    "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69E369F1-6A92-47B5-86D5-474A7E06B3DC}" = ALFA 17.11.00
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
    "{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
    "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
    "{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
    "{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
    "{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
    "{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
    "{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
    "{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
    "{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
    "{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
    "{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
    "{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
    "{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
    "{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
    "{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
    "{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.2 - Czech
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
    "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
    "504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AMSLICO projekčný software_is1" = EURO 6
    "CsobApp" = WinPonuka
    "Deutscher Ring Calculator SK_is1" = Calculator SK 2.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Standard)
    "Lexicon 4.0" = Lingea Lexicon 2002
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NetSetMan_is1" = NetSetMan 3.0.1
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia PC Suite" = Nokia PC Suite
    "Picasa 3" = Picasa 3
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Totalcmd" = Total Commander (Remove or Repair)
    "VeriFace III" = VeriFace III
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

  10. #10
    Junior Member
    Join Date
    May 2011
    Location
    Slovakia
    Posts
    16

    Default

    Sorry had to put it to attachment, because it did not let me send it - site always said: connection reset
