View Full Version : Click.GiftLoad :-(
Hi,
unfortunately I also found this malware in my PC and cannot get rid of it. Thank u for ur help in advance.
I´ve already backed up the registry.
I´ve only tried to remove it with the help of AdAware and Spybot
Symptoms:
- svchost running crazy using 200 000 kb
- firefox redirects to different sites
- sometimes limited connectivity
- and the last one which happened few minutes ago - I couldnt log in to windows using my password. I had to smile to lenovo Veriface in order to log in.
Here is the the log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Peto at 21:37:51,40 on p* 13.05.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.476 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BisonC07\BisonM07.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Documents and Settings\Peto\Plocha\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Taskman=c:\documents and settings\peto\ctfmon.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BisonMnt] c:\windows\bisonc07\BisonM07.exe
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: autobazar.eu
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: PicNotify - PicNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\peto\dataap~1\mozilla\firefox\profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\peto\local settings\data aplikacă*\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-3-11 165264]
R1 MpKsl802fbf1e;MpKsl802fbf1e;c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\MpKsl802fbf1e.sys [2011-5-13 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-3-7 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-3-26 315392]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-31 88176]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-28 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-28 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-20 9472]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\mpksl70f9fc5b.sys --> c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\MpKsl70f9fc5b.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-28 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-28 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-28 81192]
.
=============== Created Last 30 ================
.
2011-05-13 19:33:03 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\MpKsl802fbf1e.sys
2011-05-13 19:27:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 11:25:47 -------- d-----w- c:\windows\Snapshot
2011-05-09 18:33:57 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{8ffaa301-90a2-4bd9-b452-44a2bdd01c23}\mpengine.dll
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 18:50:15 -------- d-----w- c:\program files\Veetle
.
==================== Find3M ====================
.
2011-05-13 19:27:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 18:51:15 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2011-03-07 18:51:15 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 21:40:52,78 ===============
Hi,
the problem is getting worse I think. Every day I remove up to 5 Trojans through nod32 online scanner (my MS Security Essentials doesn't detect anything) and 20 malware softs through AdAware.
Despite that Windows doesn't launch properly, Firefox barely moves and redirects continuously. Here is a fresh DDS log. Hopefully u ll help me to get rid of it. Thanx :thanks:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Peto at 17:58:13,95 on po 16.05.2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.74 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\QSTART.SYS\config\DVMExportService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BisonC07\BisonM07.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Documents and Settings\Peto\Plocha\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Taskman=c:\documents and settings\peto\ctfmon.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BisonMnt] c:\windows\bisonc07\BisonM07.exe
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\blueto~1.lnk - c:\program files\lenovo\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.lenovo.com
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\lenovo\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: autobazar.eu
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: PicNotify - PicNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\peto\dataap~1\mozilla\firefox\profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\peto\data aplikacă*\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\peto\local settings\data aplikacă*\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-3-11 165264]
R1 MpKsl16239681;MpKsl16239681;c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\MpKsl16239681.sys [2011-5-16 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-3-7 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2009-3-26 315392]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-31 88176]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-9-28 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-9-28 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-20 9472]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-4-14 69120]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\mpksl70f9fc5b.sys --> c:\documents and settings\all users\data aplikací\microsoft\microsoft antimalware\definition updates\{00727e7b-4480-48b1-bacf-dd1a13116f19}\MpKsl70f9fc5b.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-28 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-28 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-9-28 81192]
.
=============== Created Last 30 ================
.
2011-05-16 12:38:38 28752 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\MpKsl16239681.sys
2011-05-16 12:38:09 7071056 ----a-w- c:\docume~1\alluse~1\dataap~1\microsoft\microsoft antimalware\definition updates\{ae992952-4ccf-4384-93b5-bc54b6845cbb}\mpengine.dll
2011-05-14 17:26:48 -------- d-----w- c:\program files\ESET
2011-05-13 19:27:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 11:25:47 -------- d-----w- c:\windows\Snapshot
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-02 19:16:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-29 18:50:15 -------- d-----w- c:\program files\Veetle
.
==================== Find3M ====================
.
2011-05-13 19:27:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-07 18:51:15 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2011-03-07 18:51:15 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 05:33:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:57 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:33 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 18:01:41,34 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Sorry for the delay but a bit of a mix up with your posts. You need to reply to this thread only and please do not start any new topics
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Hi Ken 545,
Thank you for your time.
GooredFix downloaded, run and log is below (hopefully I did it right because it took only like 3 seconds to produce that log with firefox closed).
Malwarebytes also downloaded, installed, updated but it didnt find anything, log attached.
Quick update about situation here. In the morning, I run Spybot but for the first time it didnt find ANYTHING, also nod32 onlinescanner didnt recognize any Trojans. AdAware though, found usual 20 tracking cookies, like every day. Running all of them was necessary, otherwise my netbook wouldnt even move, since svchost still utilizes lots of RAM and sometimes uses 98 percent of cpu. Firefox still redirects and Windows update doesnt work. Seems like infection got deeper :-/
GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:19 on 18/05/2011 (Peto)
Firefox version 4.0.1 (en-US)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:05 10/05/2011]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [09:04 01/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [13:32 23/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [06:23 09/08/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [20:09 05/11/2010]
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [19:27 13/05/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [19:36 27/01/2010]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [21:17 31/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:27 13/05/2011]
-=E.O.F=-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6612
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18.5.2011 23:31:39
mbam-log-2011-05-18 (23-31-39).txt
Scan type: Quick scan
Objects scanned: 153623
Time elapsed: 9 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
How is Firefox behaving now, still redirects ?
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Hi again :thanks:,
I visited sites that usually got redirected (wikipedia and youtube) and they seem to run clean and neat :-) Entire pc (especially when booting and shutting down), as well as Firefox seems faster as before (I might be only paranoid)
Combofix log below:
P.S. I will probably carry out your next advise in the morning since it is after midnight already.
Thank you
ComboFix 11-05-17.03 - Peto 19.05.2011 0:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.476 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peto\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-18 do 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 22:19 . 2011-05-18 22:19 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\MpKsl1165510f.sys
2011-05-18 22:19 . 2011-04-18 07:15 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\mpengine.dll
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\Peto\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2011-05-17 14:04 . 2011-05-17 14:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 18:31 . 2011-05-14 18:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Adobe
2011-05-14 17:26 . 2011-05-14 17:26 -------- d-----w- c:\program files\ESET
2011-05-13 20:08 . 2011-05-13 20:08 -------- d-----w- c:\program files\ERUNT
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Common Files\Java
2011-05-13 19:27 . 2011-05-13 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Java
2011-05-11 11:25 . 2011-05-11 11:25 -------- d-----w- c:\windows\Snapshot
2011-05-02 19:16 . 2011-05-02 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-02 19:11 . 2011-05-02 19:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-01 16:26 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Thunderbird
2011-05-01 16:26 . 2011-05-01 16:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-04-29 18:50 . 2011-05-02 19:15 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 19:27 . 2010-04-23 13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23 . 2010-10-21 19:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-18 07:15 . 2010-01-28 11:43 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 18:51 . 2011-03-07 18:51 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2011-03-07 18:51 . 2011-03-07 18:51 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 18:51 . 2011-03-07 18:51 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2011-03-07 05:33 . 2008-09-01 10:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 16:26 . 2011-05-10 10:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-12-19 23:00 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-12-19 323584]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-01-04 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-26 1277952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-12-19 23:00 1167360 ----a-w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Peto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Kalkulacky\\DR\\Deutscher Ring Calculator SK.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Peto\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2010 9:46 691696]
R1 MpKsl1165510f;MpKsl1165510f;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{602BA0BE-0473-429A-A134-0DA9D87044D6}\MpKsl1165510f.sys [19.5.2011 0:19 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.3.2011 20:51 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [26.3.2009 10:20 315392]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [28.9.2009 3:09 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [28.9.2009 3:09 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [20.12.2009 1:08 9472]
S1 MpKsl16239681;MpKsl16239681;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys [?]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [31.1.2010 23:17 88176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.9.2009 3:03 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 9:58 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.9.2009 3:04 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [28.9.2009 3:09 81192]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL1165510F
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: autobazar.eu
FF - ProfilePath - c:\documents and settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 00:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????P??????????????????????????????????????????|???x????????????v?|????????x???????????|????????x?|????? Q?????|???$??????|????????|???8????X?w???
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
.
Celkový čas: 2011-05-19 00:50:27
ComboFix-quarantined-files.txt 2011-05-18 22:50
.
Před spuštěním: Volných bajtů: 88*919*552*000
Po spuštění: Volných bajtů: 89*112*014*848
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"
.
- - End Of File - - E6C626229B2E1FFB418DD73586B7C5D2
Right as I posted the reply a new Firefox window opened with 6 tabs full of advertisement. :sad:
BisonM07.exe <--What can you tell me about this program, is it something you installed and use ?
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Hi Im back,
BisonM07 - i can only tell you what google says: "one of the most infamous and toughest computer error which is closely tied with BisonM07.exe file. BisonM07.exe file is one of an important Dynamic-link library file playing a crucial role in the Microsoft Windows"
- in other words it is not something I installed, or intend to use. On the other side I am almost sure it has been there since I bought the PC.
Situation update: winupdate not working, computer runs much faster, firefox redirects, after rebooting svchost uses minimum memory, but as I start firefox it starts consuming more, eventually reaching 260 000kb after few hours. And one more thing, I am not sure if it is connected to my problem, but it did not happen before. When I start Firefox, nothing happens - firefox process pops up in task manager using like 8000kb but thats all. I gotta click 2-5 times to really open it and then kill other firefox processes. And it sometimes happens to explorer as well (not internet explorer) on start up of the PC - so i have to kill explorer and start new task in order to start pc.
Now back to logs:
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-19 09:34:30
-----------------------------
09:34:30.578 OS Version: Windows 5.1.2600 Service Pack 3
09:34:30.578 Number of processors: 2 586 0x1C02
09:34:30.578 ComputerName: LENOVO-PV UserName: Peto
09:34:32.437 Initialize success
09:35:38.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:35:38.296 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
09:35:38.296 Disk 0 MBR read error 0
09:35:38.296 Disk 0 MBR scan
09:35:38.296 Disk 0 unknown MBR code
09:35:38.312 MBR BIOS signature not found 0
09:35:38.312 Disk 0 scanning sectors +312581808
09:35:38.328 Disk 0 scanning C:\WINDOWS\system32\drivers
09:35:44.343 Service scanning
09:35:45.953 Disk 0 trace - called modules:
09:35:45.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x865524f0]<<
09:35:45.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f27030]
09:35:45.968 3 CLASSPNP.SYS[f78bdfd7] -> nt!IofCallDriver -> \Device\00000075[0x86eeda28]
09:35:45.984 5 ACPI.sys[f7729620] -> nt!IofCallDriver -> [0x86f28028]
09:35:46.000 \Driver\iaStor[0x86f48290] -> IRP_MJ_CREATE -> 0x865524f0
09:35:46.015 Scan finished successfully
09:36:44.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Peto\Plocha\MBR.dat"
09:36:44.593 The log file has been saved successfully to "C:\Documents and Settings\Peto\Plocha\aswMBR.txt"
OTL logfile created on: 19.5.2011 9:38:30 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1*014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 83,01 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 2,55 Gb Free Space | 8,73% Space Free | Partition Type: NTFS
Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\BisonC07\BisonM07.exe ()
PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
========== Win32 Services (SafeList) ==========
SRV - (WLTRYSVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
========== Driver Services (SafeList) ==========
DRV - (MpKsl5fef053f) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2F4F7EF3-A454-434F-BB15-71F1D9F1A68C}\MpKsl5fef053f.sys (Microsoft Corporation)
DRV - (Angelnt) -- C:\WINDOWS\System32\Drivers\ANGELNT.SYS (Identcode Ltd.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: sk@dictionaries.addons.mozilla.org:2.03.2
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.18 14:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 12:05:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 11:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.11 11:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions
[2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.02 21:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions
[2010.10.09 11:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.12 21:47:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.22 21:19:06 | 000,000,000 | ---D | M] (SlovnĂ*ky slovenskĂ©ho pravopisu) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\sk@dictionaries.addons.mozilla.org
[2010.10.09 11:15:54 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\youtube2mp3@mondayx.de
[2011.05.13 21:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.23 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 08:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.05 22:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.13 21:27:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\SK@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
[2011.05.13 21:27:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.18 14:50:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.05.13 21:27:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011.05.12 10:09:40 | 000,434,210 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 14947 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..Trusted Domains: autobazar.eu ([]* in Důvěryhodné servery)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.01 12:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.05.19 09:33:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
[2011.05.19 09:30:01 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Peto\Plocha\aswMBR.exe
[2011.05.19 00:26:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.19 00:22:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.05.19 00:22:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.05.19 00:22:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.05.19 00:22:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.05.19 00:16:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.18 23:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Data aplikací\Malwarebytes
[2011.05.18 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.05.18 23:21:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.18 23:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.05.18 23:21:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2011.05.18 23:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\GooredFix Backups
[2011.05.18 23:17:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peto\Plocha\mbam-setup-1.50.1.1100.exe
[2011.05.18 23:16:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
[2011.05.17 16:04:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.14 20:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
[2011.05.14 19:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.05.13 22:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.13 22:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ERUNT
[2011.05.13 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.05.13 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.05.13 21:27:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.13 21:27:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.13 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.05.13 19:40:34 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Peto\Plocha\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2011.05.13 18:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\gmer
[2011.05.13 13:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\intsall_files
[2011.05.13 13:04:24 | 002,074,384 | ---- | C] (Hewlett-Packard ) -- C:\Documents and Settings\Peto\Plocha\HPTool.exe
[2011.05.12 23:54:44 | 000,471,688 | ---- | C] (Lenovo Group Limited ) -- C:\Documents and Settings\Peto\Plocha\6iim10ww.exe
[2011.05.11 13:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snapshot
[2011.05.10 11:42:45 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Peto\Plocha\Firefox Setup 4.0.1.exe
[2011.05.01 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Thunderbird
[2011.04.30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Sun
[2011.04.30 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2011.04.30 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2011.04.29 20:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011.04.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP33-50
[2011.04.20 10:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP16-32
[2011.04.19 19:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP1-15
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.05.19 09:36:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
[2011.05.19 09:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
[2011.05.19 09:32:36 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.05.19 09:30:09 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Peto\Plocha\aswMBR.exe
[2011.05.19 09:27:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.19 09:22:35 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011.05.19 09:22:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.19 09:22:00 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.19 00:26:54 | 000,000,390 | RHS- | M] () -- C:\boot.ini
[2011.05.19 00:21:24 | 004,351,251 | R--- | M] () -- C:\Documents and Settings\Peto\Plocha\ComboFix.exe
[2011.05.18 23:21:28 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.05.18 23:18:03 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peto\Plocha\mbam-setup-1.50.1.1100.exe
[2011.05.18 23:16:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
[2011.05.18 22:27:08 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.18 13:14:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.05.18 13:03:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011.05.18 00:28:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.18 00:28:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.05.17 16:04:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.17 12:15:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.05.16 20:22:14 | 000,029,151 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
[2011.05.16 20:21:24 | 000,030,420 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
[2011.05.14 09:55:34 | 000,434,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.05.14 09:55:34 | 000,431,420 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.05.14 09:55:34 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.05.14 09:55:34 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.05.13 22:10:19 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Attach.zip
[2011.05.13 22:08:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
[2011.05.13 21:27:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.13 21:27:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.13 21:27:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.05.13 19:40:45 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Peto\Plocha\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2011.05.13 18:23:36 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\dds.scr
[2011.05.13 13:16:16 | 000,074,006 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\intsall.htm
[2011.05.13 13:13:45 | 003,402,105 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\WinSetupFromUSB_0-2-2.exe
[2011.05.13 13:04:29 | 002,074,384 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Peto\Plocha\HPTool.exe
[2011.05.12 23:54:57 | 000,471,688 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\Peto\Plocha\6iim10ww.exe
[2011.05.12 10:09:40 | 000,434,210 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.10 14:50:47 | 002,631,789 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
[2011.05.10 12:10:45 | 000,000,273 | ---- | M] () -- C:\Boot.bak
[2011.05.10 11:43:05 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Peto\Plocha\Firefox Setup 4.0.1.exe
[2011.05.09 07:40:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.02 22:08:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.02 21:43:29 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-100940.backup
[2011.05.01 20:53:00 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
[2011.05.01 20:52:44 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
[2011.05.01 11:08:16 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110502-214329.backup
[2011.04.25 21:48:12 | 000,117,693 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.05.19 09:36:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
[2011.05.19 00:26:49 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.05.19 00:22:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.19 00:22:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.19 00:22:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.19 00:22:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.19 00:22:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.18 23:21:28 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.05.16 20:22:14 | 000,029,151 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
[2011.05.16 20:21:24 | 000,030,420 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
[2011.05.13 22:10:19 | 000,003,849 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Attach.zip
[2011.05.13 22:08:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
[2011.05.13 19:54:38 | 004,351,251 | R--- | C] () -- C:\Documents and Settings\Peto\Plocha\ComboFix.exe
[2011.05.13 18:23:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\dds.scr
[2011.05.13 13:16:12 | 000,074,006 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\intsall.htm
[2011.05.13 13:12:34 | 003,402,105 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\WinSetupFromUSB_0-2-2.exe
[2011.05.10 14:47:13 | 002,631,789 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
[2011.05.09 22:09:34 | 000,000,273 | ---- | C] () -- C:\Boot.bak
[2011.05.09 22:09:33 | 000,467,439 | R--- | C] () -- C:\txtsetup.sif
[2011.05.09 22:09:33 | 000,261,328 | R--- | C] () -- C:\old_$LDR$
[2011.05.02 22:20:13 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.01 20:52:57 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
[2011.05.01 20:52:43 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
[2011.05.01 10:52:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.01 10:52:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.25 21:48:12 | 000,117,693 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
[2011.03.07 20:51:15 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\ANGELDOS.SYS
[2010.10.21 21:07:00 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.10.10 20:10:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.02.01 15:18:28 | 000,026,112 | R--- | C] () -- C:\WINDOWS\LgUninst.exe
[2010.01.31 21:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.28 16:35:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.28 15:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.27 23:53:34 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.20 01:14:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.12.20 01:00:59 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.12.20 01:00:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009.12.20 01:00:57 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.12.20 01:00:57 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.12.20 01:00:57 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.12.20 01:00:57 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.12.20 01:00:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.12.20 01:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.12.20 01:00:56 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.12.20 01:00:56 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.12.20 01:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.12.20 01:00:54 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.12.20 01:00:54 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.12.20 01:00:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.12.20 01:00:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.12.20 01:00:52 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.12.20 00:58:22 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.09.28 04:03:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.09.28 03:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.01.16 18:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.09.01 14:07:47 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.09.01 14:06:25 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.09.01 12:20:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.09.01 12:14:26 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.22 04:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,434,452 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,431,420 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,079,708 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,069,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.11.06 12:16:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\angel32.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.10 09:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.10 09:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.09.13 20:59:12 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\mejlovani.dll
[1999.02.11 15:34:14 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Kernel.dll
< End of report >
OTL Extras logfile created on: 19.5.2011 9:38:30 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1*014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 83,01 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 2,55 Gb Free Space | 8,73% Space Free | Partition Type: NTFS
Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Kalkulacky\DR\Deutscher Ring Calculator SK.exe" = C:\Program Files\Kalkulacky\DR\Deutscher Ring Calculator SK.exe:*:Enabled:Deutscher Ring Calculator SK -- ()
"C:\Documents and Settings\Peto\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Peto\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69E369F1-6A92-47B5-86D5-474A7E06B3DC}" = ALFA 17.11.00
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90A40405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Součásti připojení sady Microsoft Office Small Business
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.2 - Czech
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMSLICO projekčný software_is1" = EURO 6
"CsobApp" = WinPonuka
"Deutscher Ring Calculator SK_is1" = Calculator SK 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Standard)
"Lexicon 4.0" = Lingea Lexicon 2002
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSetMan_is1" = NetSetMan 3.0.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VeriFace III" = VeriFace III
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
Sorry had to put it to attachment, because it did not let me send it - site always said: connection reset
Lets run this tool , meanwhile I will look over your logs
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Done.
It found something - malicious cured, suspected skipped:
2011/05/19 10:38:00.0696 2520 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 10:38:00.0868 2520 ================================================================================
2011/05/19 10:38:00.0868 2520 SystemInfo:
2011/05/19 10:38:00.0868 2520
2011/05/19 10:38:00.0868 2520 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/19 10:38:00.0868 2520 Product type: Workstation
2011/05/19 10:38:00.0868 2520 ComputerName: LENOVO-PV
2011/05/19 10:38:00.0868 2520 UserName: Peto
2011/05/19 10:38:00.0868 2520 Windows directory: C:\WINDOWS
2011/05/19 10:38:00.0868 2520 System windows directory: C:\WINDOWS
2011/05/19 10:38:00.0868 2520 Processor architecture: Intel x86
2011/05/19 10:38:00.0868 2520 Number of processors: 2
2011/05/19 10:38:00.0868 2520 Page size: 0x1000
2011/05/19 10:38:00.0868 2520 Boot type: Normal boot
2011/05/19 10:38:00.0868 2520 ================================================================================
2011/05/19 10:38:02.0337 2520 Initialize success
2011/05/19 10:38:18.0886 3588 ================================================================================
2011/05/19 10:38:18.0886 3588 Scan started
2011/05/19 10:38:18.0886 3588 Mode: Manual;
2011/05/19 10:38:18.0886 3588 ================================================================================
2011/05/19 10:38:19.0261 3588 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/19 10:38:19.0339 3588 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/19 10:38:19.0370 3588 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/19 10:38:19.0448 3588 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
2011/05/19 10:38:19.0511 3588 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/19 10:38:19.0573 3588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/19 10:38:19.0636 3588 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/19 10:38:19.0683 3588 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/19 10:38:19.0745 3588 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/19 10:38:19.0792 3588 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/19 10:38:19.0823 3588 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/19 10:38:19.0870 3588 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/19 10:38:19.0948 3588 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/19 10:38:19.0995 3588 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/19 10:38:20.0089 3588 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/19 10:38:20.0167 3588 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/19 10:38:20.0214 3588 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/19 10:38:20.0277 3588 Angelnt (4a8cb8fea9dcb6f93017f413e2646001) C:\WINDOWS\System32\Drivers\ANGELNT.SYS
2011/05/19 10:38:20.0323 3588 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/19 10:38:20.0355 3588 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/19 10:38:20.0402 3588 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/19 10:38:20.0480 3588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/19 10:38:20.0558 3588 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/19 10:38:20.0652 3588 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/19 10:38:20.0745 3588 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/19 10:38:20.0855 3588 BCM43XX (cc03987ee5d0f956706b40d2f91f9e4f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/19 10:38:20.0949 3588 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/19 10:38:21.0027 3588 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
2011/05/19 10:38:21.0105 3588 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/05/19 10:38:21.0214 3588 BTKRNL (cf47c53d294abcb5159b02b68b37ba89) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/19 10:38:21.0308 3588 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/05/19 10:38:21.0355 3588 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/05/19 10:38:21.0449 3588 Cam5607 (e2944c0354a7e59ee31208639e4142b6) C:\WINDOWS\system32\Drivers\BisonC07.sys
2011/05/19 10:38:21.0683 3588 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/19 10:38:21.0730 3588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/19 10:38:21.0808 3588 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/19 10:38:21.0855 3588 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/19 10:38:21.0902 3588 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/19 10:38:21.0964 3588 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/19 10:38:22.0011 3588 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/19 10:38:22.0121 3588 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/19 10:38:22.0183 3588 CmdIde (964d0f042aca51d5644779eb9d9ee40f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/19 10:38:22.0214 3588 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/19 10:38:22.0292 3588 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/19 10:38:22.0355 3588 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/19 10:38:22.0402 3588 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/19 10:38:22.0449 3588 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/19 10:38:22.0527 3588 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/19 10:38:22.0605 3588 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/19 10:38:22.0652 3588 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/19 10:38:22.0730 3588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/19 10:38:22.0808 3588 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/19 10:38:22.0855 3588 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/19 10:38:22.0996 3588 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/19 10:38:23.0058 3588 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/19 10:38:23.0105 3588 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/19 10:38:23.0136 3588 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/19 10:38:23.0183 3588 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/19 10:38:23.0230 3588 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/19 10:38:23.0277 3588 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/19 10:38:23.0339 3588 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/19 10:38:23.0418 3588 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/19 10:38:23.0496 3588 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/19 10:38:23.0574 3588 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/19 10:38:23.0636 3588 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/19 10:38:23.0714 3588 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/19 10:38:23.0777 3588 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/19 10:38:23.0840 3588 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/19 10:38:24.0074 3588 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/19 10:38:24.0308 3588 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/19 10:38:24.0402 3588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/19 10:38:24.0496 3588 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/19 10:38:24.0746 3588 IntcAzAudAddService (3a3a539d7db808fad3b55740474a6d02) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/19 10:38:24.0965 3588 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/19 10:38:25.0012 3588 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/19 10:38:25.0074 3588 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/19 10:38:25.0105 3588 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/19 10:38:25.0168 3588 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/19 10:38:25.0215 3588 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/19 10:38:25.0308 3588 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/19 10:38:25.0355 3588 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/19 10:38:25.0449 3588 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/19 10:38:25.0527 3588 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/19 10:38:25.0574 3588 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/19 10:38:25.0637 3588 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/19 10:38:25.0808 3588 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/05/19 10:38:25.0933 3588 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/19 10:38:26.0012 3588 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/19 10:38:26.0105 3588 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/19 10:38:26.0199 3588 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/19 10:38:26.0262 3588 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/19 10:38:26.0340 3588 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/19 10:38:26.0402 3588 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/05/19 10:38:26.0621 3588 MpKsl5fef053f (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2F4F7EF3-A454-434F-BB15-71F1D9F1A68C}\MpKsl5fef053f.sys
2011/05/19 10:38:26.0746 3588 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/19 10:38:26.0777 3588 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/19 10:38:26.0855 3588 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/19 10:38:26.0934 3588 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/19 10:38:27.0012 3588 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/19 10:38:27.0059 3588 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/19 10:38:27.0090 3588 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/19 10:38:27.0152 3588 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/19 10:38:27.0199 3588 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/19 10:38:27.0231 3588 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/19 10:38:27.0293 3588 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/19 10:38:27.0387 3588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/19 10:38:27.0434 3588 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/19 10:38:27.0496 3588 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/19 10:38:27.0527 3588 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/19 10:38:27.0559 3588 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/19 10:38:27.0637 3588 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/19 10:38:27.0684 3588 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/19 10:38:27.0746 3588 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/19 10:38:27.0887 3588 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/05/19 10:38:27.0934 3588 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/05/19 10:38:27.0965 3588 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/19 10:38:28.0059 3588 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/19 10:38:28.0121 3588 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/19 10:38:28.0184 3588 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/19 10:38:28.0231 3588 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/19 10:38:28.0309 3588 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/19 10:38:28.0340 3588 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/19 10:38:28.0403 3588 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/19 10:38:28.0465 3588 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/05/19 10:38:28.0496 3588 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/19 10:38:28.0590 3588 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/19 10:38:28.0637 3588 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/19 10:38:28.0887 3588 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/19 10:38:28.0918 3588 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/19 10:38:29.0090 3588 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/19 10:38:29.0137 3588 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/19 10:38:29.0184 3588 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/19 10:38:29.0246 3588 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/19 10:38:29.0293 3588 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/19 10:38:29.0324 3588 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/19 10:38:29.0356 3588 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/19 10:38:29.0403 3588 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/19 10:38:29.0465 3588 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/19 10:38:29.0512 3588 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/19 10:38:29.0559 3588 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/19 10:38:29.0606 3588 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/19 10:38:29.0668 3588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/19 10:38:29.0731 3588 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/19 10:38:29.0793 3588 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/19 10:38:29.0871 3588 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/19 10:38:29.0950 3588 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/19 10:38:30.0012 3588 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/19 10:38:30.0106 3588 RSUSBSTOR (4be76679d800f95c26a23ef0d15a31b2) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/05/19 10:38:30.0184 3588 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/19 10:38:30.0293 3588 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/19 10:38:30.0371 3588 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/19 10:38:30.0465 3588 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/19 10:38:30.0606 3588 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/19 10:38:30.0653 3588 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/19 10:38:30.0715 3588 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/19 10:38:30.0778 3588 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/19 10:38:30.0887 3588 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/19 10:38:30.0887 3588 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/19 10:38:30.0903 3588 sptd - detected LockedFile.Multi.Generic (1)
2011/05/19 10:38:30.0965 3588 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/19 10:38:31.0043 3588 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/19 10:38:31.0122 3588 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/19 10:38:31.0184 3588 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/19 10:38:31.0231 3588 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/19 10:38:31.0278 3588 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/19 10:38:31.0325 3588 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/19 10:38:31.0372 3588 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/19 10:38:31.0418 3588 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/19 10:38:31.0465 3588 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/19 10:38:31.0528 3588 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/19 10:38:31.0637 3588 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/19 10:38:31.0747 3588 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/19 10:38:31.0778 3588 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/19 10:38:31.0840 3588 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/19 10:38:31.0934 3588 TosIde (fd4fd7d6fda5c019ed86025d7be1510f) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/19 10:38:32.0012 3588 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/05/19 10:38:32.0090 3588 tvtumon (3385d48304443d0ee42af5dbf89634b6) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
2011/05/19 10:38:32.0122 3588 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/19 10:38:32.0169 3588 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/19 10:38:32.0231 3588 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/19 10:38:32.0309 3588 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/05/19 10:38:32.0387 3588 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/19 10:38:32.0497 3588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/19 10:38:32.0559 3588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/19 10:38:32.0653 3588 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/19 10:38:32.0715 3588 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/05/19 10:38:32.0762 3588 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/19 10:38:32.0840 3588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/19 10:38:32.0872 3588 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/19 10:38:32.0934 3588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/19 10:38:32.0997 3588 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/19 10:38:33.0044 3588 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/19 10:38:33.0091 3588 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/19 10:38:33.0169 3588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/19 10:38:33.0231 3588 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/19 10:38:33.0341 3588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/19 10:38:33.0403 3588 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
2011/05/19 10:38:33.0637 3588 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/19 10:38:33.0700 3588 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\WINDOWS\system32\drivers\WSVD.sys
2011/05/19 10:38:33.0778 3588 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/19 10:38:33.0841 3588 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/19 10:38:33.0981 3588 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/19 10:38:33.0997 3588 ================================================================================
2011/05/19 10:38:33.0997 3588 Scan finished
2011/05/19 10:38:33.0997 3588 ================================================================================
2011/05/19 10:38:34.0028 1796 Detected object count: 2
2011/05/19 10:42:20.0600 1796 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/19 10:42:20.0615 1796 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/19 10:42:20.0615 1796 \HardDisk0 - ok
2011/05/19 10:42:20.0615 1796 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/19 10:42:28.0241 3768 Deinitialize success
That SPTD may be infected, run aswMBR to scan and post a new log please
btw, svchost acts normal so far - no high memory usage
Log:
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-19 12:42:13
-----------------------------
12:42:13.500 OS Version: Windows 5.1.2600 Service Pack 3
12:42:13.500 Number of processors: 2 586 0x1C02
12:42:13.500 ComputerName: LENOVO-PV UserName: Peto
12:42:14.718 Initialize success
12:42:21.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:42:21.906 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
12:42:21.921 Disk 0 MBR read error 0
12:42:21.921 Disk 0 MBR scan
12:42:21.921 Disk 0 unknown MBR code
12:42:21.921 MBR BIOS signature not found 0
12:42:21.937 Disk 0 scanning sectors +312581808
12:42:21.937 Disk 0 scanning C:\WINDOWS\system32\drivers
12:42:27.921 Service scanning
12:42:29.390 Disk 0 trace - called modules:
12:42:29.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spwe.sys >>UNKNOWN [0x86f89938]<<
12:42:29.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f46030]
12:42:29.453 3 CLASSPNP.SYS[f78bdfd7] -> nt!IofCallDriver -> \Device\00000075[0x86ef5320]
12:42:29.453 5 ACPI.sys[f7729620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f3c028]
12:42:29.468 Scan finished successfully
12:42:53.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Peto\Plocha\MBR.dat"
12:42:53.453 The log file has been saved successfully to "C:\Documents and Settings\Peto\Plocha\aswMBR1.txt"
I think your ok so far, but this garbage most times brings friends along for a ride
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
...hmmm..u re right with that garbage. That is the reason I usually reinstall the whole system when i get infected (once in 2-3 years). But this time I m abroad for few months and I am not equipped for that :-/
Here is the log, and I gotta run to University now... I ll get back in the evening....thank u
ComboFix 11-05-17.03 - Peto 19.05.2011 13:25:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.510 [GMT 2:00]
Spuštěný z: c:\documents and settings\Peto\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-19 do 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 11:21 . 2011-05-19 11:21 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3FD6A0C6-F131-4B44-9814-DF977B7C47BF}\MpKslac1f77d5.sys
2011-05-19 11:20 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3FD6A0C6-F131-4B44-9814-DF977B7C47BF}\mpengine.dll
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\Peto\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-05-18 21:21 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 21:21 . 2011-05-18 21:21 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2011-05-17 14:04 . 2011-05-17 14:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 18:31 . 2011-05-14 18:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Adobe
2011-05-14 17:26 . 2011-05-14 17:26 -------- d-----w- c:\program files\ESET
2011-05-13 20:08 . 2011-05-13 20:08 -------- d-----w- c:\program files\ERUNT
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Common Files\Java
2011-05-13 19:27 . 2011-05-13 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-13 19:27 . 2011-05-13 19:27 -------- d-----w- c:\program files\Java
2011-05-11 11:25 . 2011-05-11 11:25 -------- d-----w- c:\windows\Snapshot
2011-05-02 19:16 . 2011-05-02 19:16 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-02 19:11 . 2011-05-02 19:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-01 16:26 . 2011-05-02 19:15 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\Thunderbird
2011-05-01 16:26 . 2011-05-01 16:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2011-04-29 18:50 . 2011-05-02 19:15 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 19:27 . 2010-04-23 13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 10:23 . 2010-10-21 19:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-18 07:15 . 2010-01-28 11:43 7071056 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 18:51 . 2011-03-07 18:51 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2011-03-07 18:51 . 2011-03-07 18:51 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2011-03-07 18:51 . 2011-03-07 18:51 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2011-03-07 05:33 . 2008-09-01 10:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2008-04-14 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-14 16:26 . 2011-05-10 10:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_22.44.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-19 08:44 . 2011-05-19 08:44 16384 c:\windows\Temp\Perflib_Perfdata_188.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-12-19 23:00 241752 ----a-w- c:\windows\system32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"BisonMnt"="c:\windows\BisonC07\BisonM07.exe" [2009-05-05 36864]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2009-12-19 323584]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-01-04 4462464]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-26 1277952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-1-16 604776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
2009-12-19 23:00 1167360 ----a-w- c:\windows\system32\PicNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\Peto\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"googletalk"=c:\program files\Google\Google Talk\googletalk.exe /autostart
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Kalkulacky\\DR\\Deutscher Ring Calculator SK.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Peto\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2010 9:46 691696]
R1 MpKslac1f77d5;MpKslac1f77d5;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{3FD6A0C6-F131-4B44-9814-DF977B7C47BF}\MpKslac1f77d5.sys [19.5.2011 13:21 28752]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [7.3.2011 20:51 51072]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [26.3.2009 10:20 315392]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [28.9.2009 3:09 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [28.9.2009 3:09 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [20.12.2009 1:08 9472]
S1 MpKsl16239681;MpKsl16239681;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{AE992952-4CCF-4384-93B5-BC54B6845CBB}\MpKsl16239681.sys [?]
S1 MpKsl70f9fc5b;MpKsl70f9fc5b;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{00727E7B-4480-48B1-BACF-DD1A13116F19}\MpKsl70f9fc5b.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [31.1.2010 23:17 88176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28.9.2009 3:03 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.10.2010 9:58 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12.8.2010 14:15 2146496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12.8.2010 14:15 15232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [28.9.2009 3:04 165888]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [28.9.2009 3:09 81192]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLAC1F77D5
*Deregistered* - aswMBR
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 15:14]
.
2011-05-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://lenovo.live.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: autobazar.eu
FF - ProfilePath - c:\documents and settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BisonMnt = c:\windows\BisonC07\BisonM07.exe?????????????????????????????????????????????????????????????????????????????????P??????????????????????????????????????????|???x????????????v?|????????x???????????|????????x?|????? Q?????|???$??????|????????|???8????X?w???
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\PicNotify.dll
c:\windows\system32\FaceVerify.dll
c:\windows\system32\MainOp.dll
c:\windows\system32\VideoOp.dll
c:\windows\system32\Image.dll
c:\windows\system32\Momo.dll
c:\windows\system32\Apblend.dll
c:\windows\system32\SetDev.dll
c:\windows\system32\FunFrm.dll
c:\windows\system32\facev.dll
.
- - - - - - - > 'explorer.exe'(3748)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\IcnOvrly.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2011-05-19 13:39:15
ComboFix-quarantined-files.txt 2011-05-19 11:39
ComboFix2.txt 2011-05-18 22:50
.
Před spuštěním: Volných bajtů: 88*874*430*464
Po spuštění: Volných bajtů: 88*871*260*160
.
- - End Of File - - 690E462CDB7CFC86DCC864B71BFF30BB
Yep, sometimes with the seriousness of these threats it is a good option to wipe it clean and do a reinstall
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again
c:\windows\system32\IcnOvrly.dll<--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Both sites report no malware. Here is the log from VirusTotal. (I always wonder what the hell u guys see in those logs :-D I see numbers and letter that make absolutely no sense:-)
Anyway the log...
Additional information
MD5 : dcdec498688092defd9f1729f23e472a
SHA1 : db0f893e518938a0427188deeaed3700d169b6d6
SHA256: 87482be07bf850e91b3bd7e084413250be99b200bbb2c335ee749ca929bd6fdc
ssdeep: 1536:EStVZrmaJfNBWSWjdgtd5bd18ffx9YZGldeNSHyHCcSWuBePo3puFlkrVrNT3lXp:rtVhx
SSWjdgeL0Po3polQVrNT3lXnp
File size : 241752 bytes
First seen: 2009-04-09 17:53:27
Last seen : 2011-05-19 18:41:15
TrID:
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x2FC0
timedatestamp....: 0x4613A78B (Wed Apr 04 13:26:35 2007)
machinetype......: 0x14c (I386)
[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2B330, 0x2C000, 4.08, 46b8d358ea0ed773f17ab4fde76b01c2
.rdata, 0x2D000, 0x3606, 0x4000, 4.34, db82d5a543df4a5e32c0fd310324d743
.data, 0x31000, 0x416C, 0x3000, 1.83, 0dfaf030cb7405c146d1a5951b2577d6
.idata, 0x36000, 0xD79, 0x1000, 3.81, 9d9e1f93d86efd017ae273fcee7ed8e6
.rsrc, 0x37000, 0x3359, 0x4000, 1.98, c7dfe5a81ee0eccf6eebbebd9813fe66
.reloc, 0x3B000, 0x17B6, 0x2000, 4.97, f17d5067d5af88d0e49e5c5b1408d1fc
[[ 5 import(s) ]]
KERNEL32.dll: MultiByteToWideChar, lstrlenW, CompareStringW, CompareStringA, WideCharToMultiByte, lstrlenA, GetVersionExA, lstrcpynA, IsBadWritePtr, GetModuleFileNameA, lstrcmpiA, GetLocaleInfoW, GetTimeZoneInformation, CloseHandle, GetUserDefaultLCID, EnumSystemLocalesA, RtlUnwind, GetCommandLineA, GetVersion, IsBadReadPtr, HeapValidate, DebugBreak, GetStdHandle, WriteFile, InterlockedDecrement, OutputDebugStringA, GetProcAddress, LoadLibraryA, InterlockedIncrement, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, FatalAppExitA, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, GetCurrentThread, TerminateProcess, GetCurrentProcess, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, HeapFree, VirtualFree, HeapAlloc, HeapReAlloc, VirtualAlloc, SetConsoleCtrlHandler, SetUnhandledExceptionFilter, IsBadCodePtr, UnhandledExceptionFilter, GetCPInfo, GetACP, GetOEMCP, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, SetFilePointer, SetStdHandle, Sleep, FlushFileBuffers, IsValidLocale, IsValidCodePage, GetLocaleInfoA, SetEnvironmentVariableA
USER32.dll: wsprintfA
ADVAPI32.dll: RegDeleteKeyA, RegOpenKeyExA, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegEnumKeyExA
ole32.dll: CoGetMalloc, StringFromIID
SHLWAPI.dll: PathFindExtensionA
[[ 4 export(s) ]]
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CodeSize: 180224
EntryPoint: 0x2fc0
FileSize: 236 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 65536
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2007:04:04 15:26:35+02:00
UninitializedDataSize: 0
Well, I was pretty sure the file was related to Lenovo but just wanted to make sure.
How are things running now, any redirects or unwanted pop up windows ?
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
No redirects, no pop ups so far, everything runs fast, and I can tell even faster than before infection, PC uses less memory than ever before - hopefully it s not the beginning of the end :-)
One question though, at the very beginning I tried to reinstall Windows, but it didnt work since I didnt make the USB bootable. Still, it copied some files and changed booting sequence on PC start up. What shall I do to get rid of it? Somewhere on this forum I saw that I should delete one command in C:boot.ini.....yeah but which one :-/ ? (no need to answer i can google as well)
Since everything seems right, may I uninstall combofix, gooredfix, OTL, TDSSKiller and aswMBR? or shall I keep some of them for later use?
Here is the log from Malwarebytes.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6619
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20.5.2011 11:16:32
mbam-log-2011-05-20 (11-16-32).txt
Scan type: Quick scan
Objects scanned: 144518
Time elapsed: 8 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I would like to Thank you for your valuable time that you could have invested otherwise (cooking Italian food :-) ) :thanks:
P.S. yesterday I found out that driver for Lenovo webcamera is called BISONcam so that Bison07 file is probably it.
Hi,
Glad all is well, yep, cant live without my Italian food :)
You can change the boot sequence through the BIOS, most are different to access from different manufactures , what I would do is post here in there windows folder, give them the make and model of your computer and they can run you though it, its not difficult .
http://forums.whatthetech.com/index.php?showforum=119
Part of the cleaning is to clean out all your temp files and other garbage and to also reset your hosts file back to default. I will instruct you on how to remove all we have used when where done
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
This should be logs from killing processes, cleaning and scanning:
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Konfigurace protokolu IP systému Windows
Na zařízení Připojení k místní síti nelze provést žádnou operaci, dokud je médium tohoto zařízení odpojeno.
Adaptér sítě Ethernet Připojení k místní síti:
Stav média . . . . . . . . . . . : odpojeno
Adaptér sítě Ethernet Bezdrátové připojení k síti:
Přípona DNS podle připojení . . . :
Adresa IP . . . . . . . . . . . . : 0.0.0.0
Maska podsítě . . . . . . . . . . : 0.0.0.0
Výchozí brána . . . . . . . . . . :
C:\Documents and Settings\Peto\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\Peto\Plocha\cmd.txt deleted successfully.
< ipconfig /renew /c >
Konfigurace protokolu IP systému Windows
Na zařízení Připojení k místní síti nelze provést žádnou operaci, dokud je médium tohoto zařízení odpojeno.
Adaptér sítě Ethernet Připojení k místní síti:
Stav média . . . . . . . . . . . : odpojeno
Adaptér sítě Ethernet Bezdrátové připojení k síti:
Přípona DNS podle připojení . . . :
Adresa IP . . . . . . . . . . . . : 192.168.1.2
Maska podsítě . . . . . . . . . . : 255.255.255.0
Výchozí brána . . . . . . . . . . : 192.168.1.1
C:\Documents and Settings\Peto\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\Peto\Plocha\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Documents and Settings\Peto\Plocha\cmd.bat deleted successfully.
C:\Documents and Settings\Peto\Plocha\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 7498 bytes
->Temporary Internet Files folder emptied: 4538502 bytes
->Java cache emptied: 659 bytes
->Flash cache emptied: 8442 bytes
User: Peto
->Temp folder emptied: 1757331 bytes
->Temporary Internet Files folder emptied: 10191953 bytes
->Java cache emptied: 5328395 bytes
->FireFox cache emptied: 658074999 bytes
->Flash cache emptied: 64212 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351732 bytes
%systemroot%\System32 .tmp files removed: 2775496 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6626 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8087262 bytes
Total Files Cleaned = 661,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05202011_145053
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OTL logfile created on: 20.5.2011 15:02:44 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Peto\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1*014,00 Mb Total Physical Memory | 464,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105,10 Gb Total Space | 84,40 Gb Free Space | 80,30% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 3,17 Gb Free Space | 10,85% Space Free | Partition Type: NTFS
Computer Name: LENOVO-PV | User Name: Peto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\BisonC07\BisonM07.exe ()
PRC - C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Peto\Plocha\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
========== Win32 Services (SafeList) ==========
SRV - (WLTRYSVC) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DvmMDES) -- C:\QSTART.SYS\config\DVMExportService.exe (DeviceVM)
SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (System_Repair_UpdateMonitor) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (Lenovo Group Limited)
========== Driver Services (SafeList) ==========
DRV - (MpKsl77bf053c) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8E7BA440-8789-41B1-AD43-394456BF4934}\MpKsl77bf053c.sys (Microsoft Corporation)
DRV - (MpKsl757ac69e) -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{8E7BA440-8789-41B1-AD43-394456BF4934}\MpKsl757ac69e.sys (Microsoft Corporation)
DRV - (Angelnt) -- C:\WINDOWS\System32\Drivers\ANGELNT.SYS (Identcode Ltd.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (Cam5607) -- C:\WINDOWS\system32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (tvtumon) -- C:\WINDOWS\system32\drivers\tvtumon.sys (Lenovo)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (ACPIVPC) -- C:\WINDOWS\system32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (WSVD) -- C:\WINDOWS\system32\drivers\WSVD.sys (CyberLink)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: sk@dictionaries.addons.mozilla.org:2.03.2
FF - prefs.js..network.proxy.http: "192.168.1.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.18 14:50:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.10 12:05:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.10 11:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.11 11:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions
[2010.01.31 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.19 22:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions
[2010.10.09 11:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.12 21:47:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.22 21:19:06 | 000,000,000 | ---D | M] (SlovnĂ*ky slovenskĂ©ho pravopisu) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\sk@dictionaries.addons.mozilla.org
[2010.10.09 11:15:54 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Documents and Settings\Peto\Data aplikací\Mozilla\Firefox\Profiles\uwaa8407.default\extensions\youtube2mp3@mondayx.de
[2011.05.13 21:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.23 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 08:23:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.05 22:09:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.13 21:27:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\SK@DICTIONARIES.ADDONS.MOZILLA.ORG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PETO\DATA APLIKACĂ*\MOZILLA\FIREFOX\PROFILES\UWAA8407.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE
[2011.05.13 21:27:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.04.14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.05.13 21:27:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011.05.20 14:51:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BisonMnt] C:\WINDOWS\BisonC07\BisonM07.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-1125204742-4262373417-1560341529-1008\..Trusted Domains: autobazar.eu ([]* in Důvěryhodné servery)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264672677421 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.01 12:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.05.20 14:50:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.19 21:15:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.05.19 21:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\Virus+MS
[2011.05.19 09:33:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
[2011.05.19 00:26:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.18 23:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Data aplikací\Malwarebytes
[2011.05.18 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.05.18 23:21:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.18 23:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.05.18 23:21:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.18 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2011.05.18 23:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\GooredFix Backups
[2011.05.18 23:16:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
[2011.05.17 16:04:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.14 20:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
[2011.05.14 19:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.05.13 22:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.13 22:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\ERUNT
[2011.05.13 22:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.05.13 21:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.05.13 21:27:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.13 21:27:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.13 21:27:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.13 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.05.11 13:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snapshot
[2011.05.01 18:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Thunderbird
[2011.04.30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Sun
[2011.04.30 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2011.04.30 17:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2011.04.29 20:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011.04.23 17:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peto\Plocha\DP33-50
========== Files - Modified Within 30 Days ==========
[2011.05.20 15:03:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011.05.20 14:58:43 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011.05.20 14:58:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.20 14:58:11 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.20 14:51:10 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.05.20 14:51:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.05.20 14:50:59 | 000,434,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.05.20 14:50:59 | 000,431,420 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.05.20 14:50:59 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.05.20 14:50:59 | 000,069,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.05.20 14:42:29 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.05.20 10:52:33 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Malwarebytes.lnk
[2011.05.20 10:50:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.05.19 23:19:37 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.19 21:55:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.19 12:42:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
[2011.05.19 09:34:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peto\Plocha\OTL.exe
[2011.05.19 00:26:54 | 000,000,390 | RHS- | M] () -- C:\boot.ini
[2011.05.18 23:16:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Peto\Plocha\GooredFix.exe
[2011.05.18 13:03:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2011.05.18 00:28:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.18 00:28:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.05.17 16:04:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.16 20:22:14 | 000,029,151 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
[2011.05.16 20:21:24 | 000,030,420 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
[2011.05.13 22:08:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
[2011.05.13 21:27:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.13 21:27:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.13 21:27:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.13 21:27:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.05.12 10:09:40 | 000,434,210 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110519-212222.backup
[2011.05.10 14:50:47 | 002,631,789 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
[2011.05.10 12:10:45 | 000,000,273 | ---- | M] () -- C:\Boot.bak
[2011.05.02 22:08:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.02 21:43:29 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-100940.backup
[2011.05.01 20:53:00 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
[2011.05.01 20:52:44 | 000,029,417 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
[2011.05.01 11:08:16 | 000,433,404 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110502-214329.backup
[2011.04.25 21:48:12 | 000,117,693 | ---- | M] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
========== Files Created - No Company Name ==========
[2011.05.20 10:52:33 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Malwarebytes.lnk
[2011.05.19 09:36:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\MBR.dat
[2011.05.19 00:26:49 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.05.16 20:22:14 | 000,029,151 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 005.jpg
[2011.05.16 20:21:24 | 000,030,420 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Snímek 004.jpg
[2011.05.13 22:08:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\ERUNT.lnk
[2011.05.10 14:47:13 | 002,631,789 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\PV_CH1.tif
[2011.05.09 22:09:34 | 000,000,273 | ---- | C] () -- C:\Boot.bak
[2011.05.09 22:09:33 | 000,467,439 | R--- | C] () -- C:\txtsetup.sif
[2011.05.09 22:09:33 | 000,261,328 | R--- | C] () -- C:\old_$LDR$
[2011.05.02 22:20:13 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.01 20:52:57 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_vyssia.htm
[2011.05.01 20:52:43 | 000,029,417 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\SRO_nizka.htm
[2011.05.01 10:52:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.01 10:52:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.25 21:48:12 | 000,117,693 | ---- | C] () -- C:\Documents and Settings\Peto\Plocha\Nemcina.pdf
[2011.03.07 20:51:15 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\ANGELDOS.SYS
[2010.10.21 21:07:00 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.10.10 20:10:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.02.01 15:18:28 | 000,026,112 | R--- | C] () -- C:\WINDOWS\LgUninst.exe
[2010.01.31 21:49:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.28 16:35:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.01.28 15:58:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.01.27 23:53:34 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Peto\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.20 01:14:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.12.20 01:00:59 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009.12.20 01:00:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009.12.20 01:00:57 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009.12.20 01:00:57 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009.12.20 01:00:57 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009.12.20 01:00:57 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009.12.20 01:00:57 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009.12.20 01:00:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009.12.20 01:00:56 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009.12.20 01:00:56 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009.12.20 01:00:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009.12.20 01:00:54 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009.12.20 01:00:54 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009.12.20 01:00:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009.12.20 01:00:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009.12.20 01:00:52 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009.12.20 00:58:22 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009.09.28 04:03:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.09.28 03:04:19 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.01.16 18:55:38 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.11.07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008.09.01 14:07:47 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.09.01 14:06:25 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.09.01 12:20:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.09.01 12:14:26 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.22 04:30:37 | 000,001,650 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,434,452 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,431,420 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,079,708 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,069,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.11.06 12:16:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\angel32.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.10 09:36:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.10 09:35:30 | 000,004,492 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.09.13 20:59:12 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\mejlovani.dll
[1999.02.11 15:34:14 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\Kernel.dll
< End of report >
:bigthumb:
All is well ???
PC starts fast, windows update fully functional, firefox behaves as before (which is great because those ads were killing me), no pop ups, svchost not killing the pc anymore....I can say everything looks just as perfect here :) Greaaaaat :thanks:
:bigthumb:
Malwarebytes is the free version and yours to keep, any tools that OTL does not remove can be just dragged to the trash, no sense in keeping them as they are updated on a regular basis
Lets update your Java to make your system more secure
Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 25, if not proceed with the instructions.
Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.
Java SE Runtime Environment (JRE)JRE 6 Update 25 <--The wording is confusing but this is what you need
Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version
You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)
System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.
Please follow the steps below to create a clean restore point:
Click Start > Run > copy and paste the following into the run box:
%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.
Then remove all previous Restore Points
Click Start > Run > copy and paste the following into the run box:
cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Java was up to date, restore point created and old points deleted, combo uninstalled and now it s time to read those hints :-)
One more big thank you and good bye. :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.